CVE-2024-13463

CVSSv4: NA | CVSSv3: 6.4 | CVSSv2: NA | VMScore: 740 | EPSS: 0.00045 | KEV: Not Included
Published: 31/01/2025 Updated: 31/01/2025

Vulnerability Summary

Stored Cross-Site Scripting in SeatReg WordPress Plugin via Shortcode Attributes

The SeatReg WordPress plugin versions 1.56.0 and earlier contain a Stored Cross-Site Scripting (XSS) vulnerability in the 'seatreg' shortcode. The vulnerability stems from a lack of proper input sanitization and output escaping for user-supplied attributes. Authenticated attackers with contributor-level permissions or higher can inject malicious web scripts that will execute when other users access the compromised pages.
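An audit sketch for the issue described above (an added example, not code from the plugin or from this advisory): it scans stored post content for `seatreg` shortcodes whose attribute values carry markup, quote breakouts or inline event handlers. The `(id, content)` input shape (for instance rows exported from `wp_posts.post_content`), the attribute name `example_attr` and the heuristic pattern are assumptions.

```python
import html
import re

# The shortcode tag comes from the advisory; everything else here is assumed.
SHORTCODE_RE = re.compile(r"\[seatreg\b([^\]]*)\]", re.IGNORECASE)
# Attribute forms: name="value", name='value' or name=bare
ATTR_RE = re.compile(r"""([\w-]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s'"\]]+))""")
# Heuristic (assumption): characters and syntax a plain attribute value
# should never need, i.e. markup, quote breakouts, inline event handlers.
SUSPICIOUS_RE = re.compile(r"""[<>"'`]|\bon\w+\s*=|javascript\s*:""", re.IGNORECASE)

# Constructed sample rows (post id, post_content); "example_attr" is a
# hypothetical attribute name, not one taken from the plugin.
SAMPLE_POSTS = [
    (101, 'Book here: [seatreg example_attr="abc123"]'),
    (102, "[seatreg example_attr='x\" onmouseover=\"x()']"),
    (103, '[seatreg example_attr="x&quot; onfocus=&quot;x()"]'),
    (104, "No shortcode in this post."),
]


def audit_post(post_id, content):
    """Return (post_id, attribute, decoded value) for each suspicious attribute."""
    findings = []
    for shortcode in SHORTCODE_RE.finditer(content):
        for m in ATTR_RE.finditer(shortcode.group(1)):
            # Exactly one of the three value groups is set for a match.
            raw = next(g for g in m.groups()[1:] if g is not None)
            # Decode entities first so &quot; or &lt; cannot hide markup.
            value = html.unescape(raw)
            if SUSPICIOUS_RE.search(value):
                findings.append((post_id, m.group(1), value))
    return findings


def audit_all(posts):
    """Run audit_post over every (id, content) row and flatten the findings."""
    return [f for post_id, content in posts for f in audit_post(post_id, content)]


if __name__ == "__main__":
    for post_id, attr, value in audit_all(SAMPLE_POSTS):
        print(f"post {post_id}: suspicious {attr}={value!r}")
```

Findings are leads for manual review of the flagged posts and their authors, not proof of injection; the pattern will also flag harmless values that happen to contain quotes.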

Vulnerable Product

thesiim seatreg