CVE-2025-12954

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...

CVE-2025-12954

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...

CVE-2025-12954 Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...

EUVD-2025-200729

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor...

EUVD-2022-48675

Malicious code in bioql PyPI...

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.3.8 - Missing Authorization vulnerability

Missing Authorization vulnerability discovered by Ram in WordPress Plugin Timetable and Event Schedule versions = 2.3.8...

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by VNPT Nguyễn Phương Bắc Patchstack Alliance in WordPress Plugin Timetable and Event Schedule versions = 2.4.13...

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.11 - Authenticated (Contributor+) SQL Injection vulnerability

Authenticated Contributor+ SQL Injection vulnerability discovered by Krzysztof Zając in WordPress Plugin Timetable and Event Schedule versions = 2.4.11...

CVE-2022-45821

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

CVE-2022-45821

Auth. contributor+ Stored Cross-Site Scripting XSS vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

CVE-2022-45821

CVE-2022-45821: Stored Cross-Site Scripting in NooTheme Noo Timetable plugin

CVE-2022-45828

Cross-Site Request Forgery CSRF vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

CVE-2022-45828

Cross-Site Request Forgery CSRF vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

CVE-2022-45828 WordPress NOO Timetable Plugin <= 2.1.3 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in NooTheme Noo Timetable plugin = 2.1.3 versions...

CVE-2022-45828

CVE-2022-45828 : CSRF vulnerability in the WordPress plugin “Noo Timetable” (NooTheme) affecting versions ≤ 2.1.3. Underlying issue: CSRF in the plugin could lead to unauthorized actions by an authenticated user. CVSS shows high impact (C/H, I/H, A/H in the primary entry; network attack vector, u...

CVE-2021-24585

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts...

Cross site request forgery (csrf)

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the editposts capability contributor+ to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such...

CVE-2021-24584 Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such...

WordPress Plugin Timetable and Event Schedule 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...