Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:9B46FD80-F85E-4AE1-AC9A-2FA85361C8A7
HistoryMay 30, 2024 - 12:00 a.m.

The Events Calendar Free & Pro <= 6.4.0 - Contributor+ Missing Authorization to Authenticated Arbitrary Events Access

2024-05-3000:00:00
wpscan.com
7
wordpress
plugin
vulnerability
contributor
access
authentication

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.7%

JSON

Description Multiple plugins and/or themes for WordPress are vulnerable to unauthorized access of data due to a insufficient capability checks and restrictions on a function in various versions. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary events that they should not have access to.

Related

nvd 1
cve 1
vulnrichment 1
cvelist 1
wpvulndb 1
wpexploit 1
wordfence 1
nvd
nvd
CVE-2024-1295
2024-06-14 06:15:10
cve
cve
CVE-2024-1295
2024-06-14 06:15:10
vulnrichment
vulnrichment
CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
2024-06-14 06:00:02
cvelist
cvelist
CVE-2024-1295 The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
2024-06-14 06:00:02
wpvulndb
wpvulndb
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
2024-05-24 00:00:00
wpexploit
wpexploit
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
2024-05-24 00:00:00
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)
2024-05-30 15:23:45

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

18.7%

JSON
Related for WPVDB-ID:9B46FD80-F85E-4AE1-AC9A-2FA85361C8A7
nvd1cve1vulnrichment1cvelist1wpvulndb1wpexploit1wordfence1