5 matches found
CVE-2024-0855
The Spiffy Calendar WordPress plugin before 4.9.9 doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
CVE-2024-0855
Summary: CVE-2024-0855 affects the Spiffy Calendar WordPress plugin (versions prior to 4.9.9). The root cause is that the plugin does not validate the event_author field when creating events, allowing any user to modify it and impersonate another author. Impact: creates deception about who create...
PT-2024-15868 · WordPress · Spiffy Calendar
Name of the Vulnerable Software and Affected Versions: Spiffy Calendar WordPress plugin versions prior to 4.9.9 Description: The issue allows any user to alter the event author parameter when creating an event, leading to deceiving users/admins that a page was created by a Contributor+...
WordPress plugin Spiffy Calendar security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...
Spiffy Calendar < 4.9.9 - Broken Access Control
Description The plugin doesn't check the eventauthor parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+. PoC Using a Contributor+ account and a proxy interceptor such as Burp Suite, create an event. Change...