Themify Event Post
Monthly
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Themify Event Post WordPress plugin (versions up to 1.3.4) that allows authenticated users with low privileges to inject malicious scripts into web pages, which are then executed in the browsers of other site visitors. An attacker with login credentials can craft malicious input that persists in the database and affects all users viewing affected pages, potentially leading to session hijacking, credential theft, or website defacement. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting but not eliminating real-world risk.
A Stored Cross-Site Scripting (XSS) vulnerability exists in the Themify Event Post WordPress plugin (versions up to 1.3.4) that allows authenticated users with low privileges to inject malicious scripts into web pages, which are then executed in the browsers of other site visitors. An attacker with login credentials can craft malicious input that persists in the database and affects all users viewing affected pages, potentially leading to session hijacking, credential theft, or website defacement. The vulnerability requires user interaction (UI:R) and authenticated access (PR:L), limiting but not eliminating real-world risk.