CVE-2024-8016

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

CVE-2024-8016

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

CVE-2024-8016

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

CVE-2024-8016 The Events Calendar Pro <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution

The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...

CVE-2024-8016

CVE-2024-8016 affects The Events Calendar Pro for WordPress. The vulnerability is a PHP Object Injection via deserialization of untrusted input from the widgets’ filters parameter, enabling an attacker with administrator-level access (and in some configs, even lower-privilege users) to inject a P...

WordPress The Events Calendar Pro plugin <= 7.0.2 - Authenticated (Administrator+) PHP Object Injection to Remote Code Execution vulnerability

Authenticated Administrator+ PHP Object Injection to Remote Code Execution vulnerability discovered by István Márton in WordPress Plugin The Events Calendar PRO versions = 7.0.2...

PT-2024-38753

Name of the Vulnerable Software and Affected Versions: The Events Calendar Pro plugin for WordPress versions up to, and including, 7.0.2 Description: The issue is related to PHP Object Injection via deserialization of untrusted input from the filters parameter in widgets. This allows authenticate...

WordPress plugin Events Calendar Pro 代码问题漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A code issue vulnerability...

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

WordPress The Events Calendar PRO < 6.4.0.1 - Authenticated (Contributor+) Arbitrary Events Access vulnerability

Authenticated Contributor+ Arbitrary Events Access vulnerability discovered by Scott Kingsley Clark in WordPress Plugin The Events Calendar PRO versions 6.4.0.1...

WordPress The Events Calendar PRO Plugin < 6.4.0.1 is vulnerable to Sensitive Data Exposure

Software The Events Calendar PRO Type Plugin Vulnerable versions 6.4.0.1 Fixed in 6.4.0.1 OWASP Top 10 A1: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2024-1295 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc59557889e3 Credits Scott Kingsley Cla...