2 matches found
EUVD-2021-11496
Malware in sbrugna...
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Update
The plugin does not have proper access control when updating a timeslot, allowing any user with the editposts capability contributor+ to update arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be perform via CSRF against a logged in with...