CVSS 3.1 Score 6.4 of 10 (medium)


Published Mar 28, 2024


CVE-2024-2111 is a vulnerability found in the Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress. The vulnerability affects all versions up to and including of the plugin. It is classified as a Stored Cross-Site Scripting vulnerability, resulting from insufficient input sanitization and output escaping. Authenticated attackers with contributor-level and above permissions can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an injected page. The risk score assigned to this vulnerability is 25 out of 100, indicating a medium severity level. The privileges required for exploitation are low, and there is no user interaction required. The attack vector lies in the network, with low impact on integrity and confidentiality. The availability impact is none. To remediate this vulnerability, users should update the Events Manager plugin to a version that addresses this issue promptly to prevent potential unauthorized script injections and mitigate the associated risks it poses to organizations using WordPress with this plugin installed.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-2111 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options