Community Events, CVE-2021-24496

CVE, Research URL: CVE-2021-24496
Home page URL: Security reports for Community Events
Application: Community Events
Published on: Aug 02, 2021
Research Description: The Community Events WordPress plugin before 1.4.8 does not sanitise, validate or escape its importrowscount and successimportcount GET parameters before outputting them back in an admin page, leading to a reflected Cross-Site Scripting issue which will be executed in the context of a logged in administrator
Affected versions: max 1.4.8.
Status: vulnerable