EventON-RSVP < 2.9.5 - Reflected XSS
Description
Reflected Cross-Site Scripting (XSS) vulnerability in EventON-RSVP WordPress plugin before 2.9.5, allowing high privilege users to be compromised.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Reflected Cross-Site Scripting (XSS) vulnerability in EventON-RSVP WordPress plugin before 2.9.5, allowing high privilege users to be compromised.
Vulnerability
The EventON-RSVP plugin before version 2.9.5 fails to sanitize and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting vulnerability. [1]
Exploitation
An attacker can craft a malicious URL containing the unsanitized parameters. When a high privilege user such as an admin clicks the link, the attacker's script executes in the user's browser within the context of the WordPress admin panel. [1]
Impact
Successful exploitation allows the attacker to perform actions on behalf of the admin, such as creating new admin users, modifying site content, or stealing session cookies, leading to full site compromise. [1]
Mitigation
The vulnerability is fixed in version 2.9.5. Users should update the plugin to the latest version. [1]
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- WordPress/EventON-RSVP WordPress plugindescription
- Range: <2.9.5
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1- wpscan.com/vulnerability/218fb3af-3a40-486f-8ea9-80211a986fb3/mitreexploitvdb-entrytechnical-description
News mentions
0No linked articles in our index yet.