WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports the hosting of personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of the WordPress plugin The Registrations for the Events Calendar prior to 2.7.10, which stems from the fact that The Registrations for the Events Calendar plugin does not escape the qtype parameter until it is exported back to the properties of the settings page. An attacker could exploit this vulnerability to execute JavaScript code on the client side.
CPE | Name | Operator | Version |
---|---|---|---|
wordpress the registrations for the events calendar plugin | lt | 2.7.10 |