2 matches found
CVE-2024-33996
Incorrect validation of allowed event types in a calendar web service made it possible for some users to create events with types/audiences they did not have permission to publish to...
PT-2022-9582 · WordPress · Eventcalendar
Name of the Vulnerable Software and Affected Versions: EventCalendar WordPress plugin versions prior to 1.1.51 Description: The issue concerns a lack of proper authorization and CSRF checks in the add calendar event AJAX actions. This allows users with a role as low as subscriber to create events...