CVSS 3.1 Score 6.1 of 10 (medium)


Published Mar 13, 2024


CVE-2024-0976 is a vulnerability found in the WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress. This vulnerability allows unauthenticated attackers to perform Reflected Cross-Site Scripting attacks by injecting arbitrary web scripts through the plugin parameter. The vulnerability affects all versions up to and including 3.1.41 of the plugin. To remediate this vulnerability, users should update to the latest version of the plugin which includes input sanitization and output escaping improvements. The potential danger of this vulnerability lies in the ability for attackers to trick users into executing actions, such as clicking on a link, which can then execute arbitrary web scripts on vulnerable pages.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0976 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options