6 matches found
WordPress Events Calendar 6.8.2.1 - Information Disclosure
The Events Calendar WordPress plugin 6.8.2.1 contains missing access checks in the REST API, letting unauthenticated users access information about password protected events, exploit requires no authentication. id: CVE-2024-5333 info: name: WordPress Events Calendar 6.8.2.1 - Information Disclosu...
CVE-2024-5333
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...
CVE-2024-5333
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...
CVE-2024-5333
creationtimestamp| type| source ---|---|--- 2024-12-16 06:04:20+00:00| seen| https://infosec.exchange/users/cve/statuses/113660989254789625 2024-12-16 08:08:38+00:00| seen| https://t.me/cvedetector/12960 2026-01-29 21:02:29+00:00| seen|...
CVE-2024-5333 The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure
The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events...
CVE-2024-5333
The Events Calendar WordPress plugin (vendor: stellarwp) before version 6.8.2.1 has missing access checks in its REST API, allowing unauthenticated users to access information about password-protected events. The NVD/Nuclei and related sources confirm this information disclosure vector with explo...