CVE-2024-2111

Summary

CVE-2024-2111 is a vulnerability found in the Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress. The vulnerability affects all versions up to and including 6.4.7.1 of the plugin. It is classified as a Stored Cross-Site Scripting vulnerability, resulting from insufficient input sanitization and output escaping. Authenticated attackers with contributor-level and above permissions can exploit this vulnerability to inject arbitrary web scripts into pages. These scripts will execute whenever a user accesses an injected page. The risk score assigned to this vulnerability is 25 out of 100, indicating a medium severity level. The privileges required for exploitation are low, and there is no user interaction required. The attack vector lies in the network, with low impact on integrity and confidentiality. The availability impact is none. To remediate this vulnerability, users should update the Events Manager plugin to a version that addresses this issue promptly to prevent potential unauthorized script injections and mitigate the associated risks it poses to organizations using WordPress with this plugin installed.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.