5 matches found
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Update vulnerability
Unauthorized Event TimeSlot Update vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...
WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.1 - Unauthorized Event TimeSlot Deletion vulnerability
Unauthorized Event TimeSlot Deletion vulnerability discovered by dc11 in WordPress Timetable and Event Schedule by MotoPress plugin versions = 2.4.1. Solution Update the WordPress Timetable and Event Schedule by MotoPress plugin to the latest available version at least 2.4.2...
Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...
Timetable and Event Schedule by MotoPress < 2.4.0 - Arbitrary User's Hashed Password/Email/Username Disclosure
The plugin outputs the Hashed Password, Username and Email Address along other less sensitive data of the user related to the Even Head of the Timeslot in the response when requesting the event Timeslot data with a user with the editposts capability. Combined with the other Unauthorised Event...
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
The plugin does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with...