0.001 Low
EPSS
Percentile
29.7%
The plugin does not check that an event belongs to the user editing/deleting it, allowing any authenticated users to delete arbitrary one via an IDOR attack