Lucene search
+L

5 matches found

Patchstack
Patchstack
added 2021/08/23 12:0 a.m.22 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Update vulnerability

Unauthorized Event TimeSlot Update vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...

5.4CVSS3.4AI score0.00506EPSS
Exploits2References3Affected Software1
Patchstack
Patchstack
added 2021/08/23 12:0 a.m.24 views

WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Deletion vulnerability

Unauthorized Event TimeSlot Deletion vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...

4.3CVSS3.4AI score0.0162EPSS
Exploits2References3Affected Software1
WPVulnDB
WPVulnDB
added 2021/08/23 12:0 a.m.23 views

Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure

The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...

6.5CVSS0.2AI score0.01177EPSS
Exploits2Affected Software1
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.813 views

Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure

The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...

6.5CVSS0.01177EPSS
Exploits2
wpexploit
wpexploit
added 2021/08/23 12:0 a.m.728 views

Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update

The plugin does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with...

5.4CVSS5.4AI score0.00506EPSS
Exploits2
Rows per page
Query Builder