CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access

2024-06-1406:00:02

WPScan

www.cve.org

cve-2024-1295

events calendar

wordpress plugin

arbitrary events access

contributor role

0.0004 Low

EPSS

Percentile

9.0%

JSON

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn’t have access to. (e.g. password-protected events, drafts, etc.)

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "events-calendar-pro",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.4.0.1"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "The Events Calendar",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "6.4.0.1"
      }
    ],
    "defaultStatus": "unaffected"
  }
]

References

wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for CVELIST:CVE-2024-1295