5 matches found
WordPress SEATT: Simple Event Attendance plugin <= 1.5.0 - Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability
Cross-Site Request Forgery to Arbitrary Event Deletion vulnerability discovered by MD. TAREQ AHAMED JONY itztrq - Knight Squad in WordPress Plugin SEATT: Simple Event Attendance versions = 1.5.0...
CVE-2024-3756 MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
The MF Gig Calendar WordPress plugin through 1.2.1 does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack...
MF Gig Calendar <= 1.2.1 - Arbitrary Event Deletion via CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in Contributors and above delete arbitrary events via a CSRF attack PoC Make a contributor or higher user open a link where is a valid event:...
Calendar Event Multi View < 1.4.07 - Unauthenticated Arbitrary Event Deletion
The plugin does not have any authorisation and CSRF checks in place when deleting events which could allow unauthenticated attackers to delete arbitrary events As an unauthenticated user, open the code below, this will delete the event with ID 4 from the calendar with ID 1...
Spiffy Calendar < 4.9.1 - Arbitrary Event Deletion via CSRF
The plugin does not have CSRF check in place when deleting events, allowing attacker to make a logged in admin delete arbitrary events via a CSRF attack...