5 matches found
CVE-2025-12954
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...
CVE-2025-12954 Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...
CVE-2025-12954 Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...
CVE-2025-12954
CVE-2025-12954 refers to the MotoPress Timetable and Event Schedule WordPress plugin. The vulnerability stems from missing access validation when duplicating an event, allowing arbitrary event disclosure to users with as little as Contributor privileges. Affected software/version: Timetable and E...
CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...