Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2021-24584
HistorySep 20, 2021 - 10:15 a.m.

Cross site request forgery (csrf)

2021-09-2010:15:00
PRIOn knowledge base
www.prio-n.com
4

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with such capability. In versions before 2.3.19, the lack of sanitisation and escaping in some of the fields, like the descritption could also lead to Stored XSS issues

CPENameOperatorVersion
timetable_and_event_schedulelt2.4.2

Related

cve 1
nvd 1
wpvulndb 1
cvelist 1
wpexploit 1
patchstack 1
cve
cve
CVE-2021-24584
2021-09-20 10:15:08
nvd
nvd
CVE-2021-24584
2021-09-20 10:15:08
wpvulndb
wpvulndb
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
2021-08-23 00:00:00
cvelist
cvelist
CVE-2021-24584 Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
2021-09-20 10:06:21
wpexploit
wpexploit
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
2021-08-23 00:00:00
patchstack
patchstack
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Update vulnerability
2021-08-23 00:00:00

5.3 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

21.4%

JSON
Related for PRION:CVE-2021-24584
cve1nvd1wpvulndb1cvelist1wpexploit1patchstack1