WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.16 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability
Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure vulnerability discovered by Jack Pas Dark. - Black Lantern Security in WordPress Plugin Timetable and Event Schedule versions <= 2.4.16...
CVE-2024-39630
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection. This issue affects Timetable and Event Schedule: from n/a through 2.4.13...
WordPress Timetable and Event Schedule plugin < 2.4.16 - Contributor+ Event Disclosure via IDOR vulnerability
Contributor+ Event Disclosure via IDOR vulnerability discovered by bRpsd in WordPress Plugin Timetable and Event Schedule versions < 2.4.16...
WordPress plugin Timetable and Event Schedule by MotoPress security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerability...
EUVD-2021-11636
Malware in sbrugna...
EUVD-2024-38136
Malicious code in bioql PyPI...
CVE-2021-24583
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.3.8 - Missing Authorization vulnerability
Missing Authorization vulnerability discovered by Ram in WordPress Plugin Timetable and Event Schedule versions <= 2.3.8...
CVE-2020-36840
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...
CVE-2020-36840 Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers t...
WordPress Timetable and Event Schedule Plugin <= 2.3.8 is vulnerable to Broken Access Control
Software: Timetable and Event Schedule; Type: Plugin; Vulnerable versions: <= 2.3.8; Fixed in: 2.3.9; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2020-36840; Patch priority: High; CVSS severity: High (7.3); PSID: d75a5069efd3; Credits: Ram; Required...
Upcoming Speaking Engagements
This is a current list of where and when I am scheduled to speak: I’m speaking at eCrime 2024 in Boston, Massachusetts, USA. The event runs from September 24 through 26, 2024, and my keynote is at 8:45 AM ET on the 24th. I’m briefly speaking at the EPIC Champion of Freedom Awards in Washington, D...
CVE-2024-39630 WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection. This issue affects Timetable and Event Schedule: from n/a through 2.4.13...
CVE-2024-39630
CVE-2024-39630 describes a Deserialization of Untrusted Data vulnerability in the MotoPress Timetable and Event Schedule plugin for WordPress (Timetable and Event Schedule, affected versions 2.4.13 and earlier). The root cause is PHP object injection via untrusted data deserialization. Red Hat an...
WordPress plugin Timetable and Event Schedule code issue vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A code issue vulnerability exists in...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by VNPT Nguyễn Phương Bắc Patchstack Alliance in WordPress Plugin Timetable and Event Schedule versions <= 2.4.13...
WordPress Timetable and Event Schedule Plugin <= 2.4.13 is vulnerable to PHP Object Injection
Software: Timetable and Event Schedule; Type: Plugin; Vulnerable versions: <= 2.4.13; Fixed in: 2.4.14; OWASP Top 10: A3: Injection; Classification: PHP Object Injection; CVE: CVE-2024-39630; Patch priority: Low; CVSS severity: Low (5.5); PSID: 6ee205917cb2; Credits: VNPT Nguyễn Phương...
Security and Human Behavior (SHB) 2024
This week, I hosted the seventeenth Workshop on Security and Human Behavior at the Harvard Kennedy School. This is the first workshop since our co-founder, Ross Anderson, died unexpectedly. SHB is a small, annual, invitational workshop of people studying various aspects of the human side of...