Stored Cross-Site Scripting (Stored XSS) is a critical web security vulnerability that allows attackers to inject malicious scripts into a website, which are then executed in the browsers of unsuspecting users. This article focuses on CVE-2024-10703, a Stored XSS vulnerability found in versions below 2.13.4 of the “Registrations for The Events Calendar” plugin for WordPress. This vulnerability can be exploited by an attacker with administrator privileges to inject harmful scripts that execute when users interact with certain elements of the website.
CVE-2024-10703 – Registrations for Events Calendar – Stored XSS to JS Backdoor Creation – POC
