Lucene search
K

5 matches found

OSV
OSV
added 2024/02/27 9:15 a.m.5 views

CVE-2024-0855

The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

5.3CVSS5.8AI score0.00482EPSS
Exploits2References1
CVE
CVE
added 2024/02/27 8:30 a.m.3826 views

CVE-2024-0855

Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...

5.3CVSS5.1AI score0.00482EPSS
Exploits2References1Affected Software1
Positive Technologies
Positive Technologies
added 2024/02/27 12:0 a.m.5 views

PT-2024-15868 · WordPress · Spiffy Calendar

Name of the Vulnerable Software and Affected Versions: Spiffy Calendar WordPress plugin versions prior to 4.9.9 Description: The issue allows any user to alter the event author parameter when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...

5.3CVSS6.7AI score0.00482EPSS
Exploits2References6
CNNVD
CNNVD
added 2024/02/27 12:0 a.m.6 views

WordPress plugin Spiffy Calendar security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.5AI score0.00482EPSS
Exploits2References2
WPVulnDB
WPVulnDB
added 2024/02/02 12:0 a.m.24 views

Spiffy Calendar < 4.9.9 - Broken Access Control

Description The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...

6.4AI score0.00482EPSS
Exploits2Affected Software1
Rows per page
Query Builder