9 matches found
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987
The PatchStack entry identifies a vulnerability in WordPress Scheduler Widget plugin (versions
CVE-2026-1987 Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
CVE-2026-1987
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the schedulerwidgetajaxsaveevent function lacking proper authorization checks and ownership verification when updating events. This makes it...
PT-2026-8086
The Scheduler Widget plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 0.1.6. This is due to the scheduler widget ajax save event function lacking proper authorization checks and ownership verification when updating events. This makes it...
WordPress plugin Scheduler Widget 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
WordPress Scheduler Widget plugin <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification vulnerability
Insecure Direct Object Reference to Authenticated Subscriber+ Arbitrary Event Modification vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin Scheduler Widget versions = 0.1.6...