PT-2024-37950 · WordPress · Eventon

Dk4Trin · Published 2024-09-08 · Updated 2024-10-07 · CVE-2024-6910

CVSS v3.1: 4.8 (Medium)

Vector: AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.2.17

Description: The issue allows high-privilege users, such as administrators, to perform stored Cross-Site Scripting attacks by injecting malicious scripts into plugin settings, even when the unfiltered_html capability is disallowed. The root cause is that the plugin neither sanitizes some of its settings on save nor escapes them on output.

Recommendations: For versions prior to 2.2.17, upgrade the affected plugin immediately to protect your site. As a temporary workaround, consider restricting access to the plugin's settings handler to minimize the risk of exploitation.
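To illustrate the class of defect described above, here is an added PHP example (not EventON's code; every option, field and function name is a hypothetical placeholder) showing a plugin setting stored and printed raw beside the hardened form that sanitizes on save and escapes on output:

```php
<?php
// Added illustration, not code from the EventON plugin. All names below
// (example_banner_text, example_settings_group, etc.) are hypothetical.

// VULNERABLE pattern: the raw POST value is stored and later echoed unchanged.
// Nothing here consults the unfiltered_html capability, so any user who can
// reach the settings handler can persist a <script> payload for all visitors.
function vuln_save_settings() {
    if ( isset( $_POST['example_banner_text'] ) ) {
        update_option( 'example_banner_text', $_POST['example_banner_text'] );
    }
}
function vuln_render_banner() {
    echo '<div class="banner">' . get_option( 'example_banner_text', '' ) . '</div>';
}

// HARDENED pattern, step 1: register the option with a sanitize_callback.
// register_setting() hooks sanitize_option_{option}, so every update_option()
// call for this option is filtered, not just the settings form handler.
function safe_register_settings() {
    register_setting(
        'example_settings_group',
        'example_banner_text',
        array(
            'type'              => 'string',
            'sanitize_callback' => 'example_sanitize_banner',
            'default'           => '',
        )
    );
}
add_action( 'admin_init', 'safe_register_settings' );

// The setting is plain text, so strip all tags. For a setting that legitimately
// holds markup, wp_kses_post() gives the same allow-list WordPress applies to
// users without unfiltered_html.
function example_sanitize_banner( $value ) {
    return sanitize_text_field( (string) $value );
}

// HARDENED pattern, step 2: escape at output time regardless of what is stored.
// Sanitizing on save and escaping on output are independent layers; the
// advisory describes a plugin that did neither.
function safe_render_banner() {
    echo '<div class="banner">' . esc_html( get_option( 'example_banner_text', '' ) ) . '</div>';
}
```

When reviewing a plugin for this weakness, check every write path into the option (settings forms, AJAX and REST handlers, importers) against the registered sanitize_callback, and every read path for an esc_* or wp_kses call.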

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2024-6910

Affected Products: Eventon