2 matches found
CVE-2024-8016
The Events Calendar Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 7.0.2 via deserialization of untrusted input from the 'filters' parameter in widgets. This makes it possible for authenticated attackers, with administrator-level access and...
WordPress The Events Calendar PRO Plugin <= 7.0.2 is vulnerable to Remote Code Execution (RCE)
Software The Events Calendar PRO Type Plugin Vulnerable versions = 7.0.2 Fixed in 7.0.2.1 OWASP Top 10 A1: Injection Classification Remote Code Execution RCE CVE CVE-2024-8016 Patch priority Low CVSS severity Low 5.5 Developer Claim ownership PSID 6cd7e1f40c75 Credits István Márton Required...