Medium severity4.8NVD Advisory· Published Nov 1, 2021· Updated Jun 17, 2026
CVE-2021-24813
CVE-2021-24813
Description
The Events Made Easy WordPress plugin before 2.2.24 does not sanitise and escape Custom Field Names, allowing high privilege users to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Events Made Easydescription
- Range: <2.2.24
Patches
Vulnerability mechanics
References
2- plugins.trac.wordpress.org/changeset/2607749/nvdPatchThird Party Advisory
- wpscan.com/vulnerability/a1fe0783-7a88-4d75-967f-cef970b73752nvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.