CVE-2021-25025

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...

WordPress EventCalendar plugin cross-site scripting vulnerability

WordPress is the Wordpress Foundation's suite of blogging platforms developed using the PHP language. The platform supports personal blogging sites on PHP and MySQL servers. cross-site scripting vulnerability exists in versions of WordPress EventCalendar plugin prior to 1.1.15, which stems from t...

CVE-2021-25025

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the addcalendarevent AJAX actions, allowing users with a role as low as subscriber to create events...

PT-2022-9582 · WordPress · Eventcalendar

Name of the Vulnerable Software and Affected Versions: EventCalendar WordPress plugin versions prior to 1.1.51 Description: The issue concerns a lack of proper authorization and CSRF checks in the add calendar event AJAX actions. This allows users with a role as low as subscriber to create events...