CVE-2021-24943
N/A
N/A
Summary
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | Registrations for the Events Calendar – Event Registration Plugin | 2.7.6 < 2.7.6 | affected |
Weaknesses
- CWE-89: CWE-89 SQL Injection
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.