CVE-2024-6910 Information

Description

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Reference

https://wpscan.com/vulnerability/468373c6-7e47-489a-92c1-75025c543fd5/