CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

WordPress The Events Calendar plugin < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure vulnerability

Unauthenticated Password Protected Event Disclosure vulnerability discovered by Felipe Caon in WordPress Plugin The Events Calendar versions 6.8.2.1...

CVE-2024-5333

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

CVE-2024-5333

The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...

CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...

WordPress plugin The Events Calendar 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exis...

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

CVE-2024-8369

CVE-2024-8369 affects the WordPress plugin EventPrime – Events Calendar, Bookings and Tickets (≤ 4.0.4.3). The vulnerability arises from missing authorization checks, allowing unauthenticated attackers to view private or password-protected events. The issue is classified with a CVSS v3.1 base sco...

WordPress EventPrime plugin <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability

Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability discovered by Miguel Santareno in WordPress Plugin EventPrime versions = 4.0.4.3...

CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. e.g. password-protected events, drafts, etc...

CVE-2023-6447

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...

CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...

Authorization

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...