5 matches found
CVE-2024-1295
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...
CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...
CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...
WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure
Software The Events Calendar PRO Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc59557889e3 Credits Scott Kingsley Cla...
WordPress The Events Calendar Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure
Software The Events Calendar Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID b63f9ed45e59 Credits Scott Kingsley...