CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

CVE-2024-0855

creationtimestamp| type| source ---|---|--- 2024-02-27 10:26:18+00:00| seen| https://t.me/ctinow/194189...

CVE-2024-0855 Spiffy Calendar < 4.9.9 - Broken Access Control

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

CVE-2024-0855

Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...

WordPress Spiffy Calendar Plugin < 4.9.9 is vulnerable to Broken Access Control

Software Spiffy Calendar Type Plugin Vulnerable versions 4.9.9 Fixed in 4.9.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-0855 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 34d04762f8cf Credits cyc707 Required privilege...