Critical severity9.8NVD Advisory· Published Dec 6, 2021· Updated Jun 17, 2026
CVE-2021-24943
CVE-2021-24943
Description
The Registrations for the Events Calendar WordPress plugin before 2.7.6 does not sanitise and escape the event_id in the rtec_send_unregister_link AJAX action (available to both unauthenticated and authenticated users) before using it in a SQL statement, leading to an unauthenticated SQL injection.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- WordPress/Registrations for the Events Calendardescription
- Range: <2.7.6
Patches
Vulnerability mechanics
References
1- wpscan.com/vulnerability/ba50c590-42ee-4523-8aa0-87ac644b77ednvdExploitThird Party Advisory
News mentions
0No linked articles in our index yet.