CVE-2025-6366 Event List <= 2.0.4 - Authenticated (Subscriber+) Privilege Escalation
The Event List plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 2.0.4. This is due to the plugin not properly validating a user's capabilities prior to updating their profile in the elupdateprofile function. This makes it possible for authenticated...