3 matches found
CVE-2021-24583
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the editposts capability contributor+ to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such...
CVE-2021-24583 Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the editposts capability contributor+ to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such...
CVE-2021-24583
The Timetable and Event Schedule WordPress plugin by MotoPress (versions prior to 2.4.2) has a vulnerability where deleting a timeslot lacks proper access control and CSRF protection. Any user with the edit_posts capability (contributor+) can delete arbitrary timeslots from any event. The issue i...