Lucene search
+L

4 matches found

redhatcve
redhatcve
added 2025/02/05 3:9 p.m.13 views

CVE-2020-36840

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...

9.8CVSS6.7AI score0.00403EPSS
Exploits0
nvd
nvd
added 2024/10/16 8:15 a.m.30 views

CVE-2020-36840

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...

9.8CVSS0.00403EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2024/10/16 7:31 a.m.19 views

CVE-2020-36840 Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wpajaxrouteurl function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...

7.3CVSS7AI score0.00403EPSS
Exploits0References2
patchstack
patchstack
added 2024/10/16 12:0 a.m.12 views

WordPress Timetable and Event Schedule Plugin <= 2.3.8 is vulnerable to Broken Access Control

Software Timetable and Event Schedule Type Plugin Vulnerable versions = 2.3.8 Fixed in 2.3.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2020-36840 Patch priority High CVSS severity High 7.3 Developer Claim ownership PSID d75a5069efd3 Credits Ram Required...

9.8CVSS6.5AI score0.00403EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder