6.5
CVE-2024-1295
- EPSS 1.12%
- Veröffentlicht 14.06.2024 06:15:10
- Zuletzt bearbeitet 21.11.2024 08:50:15
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginThe Events Calendar Free & Pro <= 6.4.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Events Access
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
Mögliche Gegenmaßnahme
The Events Calendar Pro: Update to version 6.4.0.1, or a newer patched version
The Events Calendar: Update to version 6.4.0.1, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
The Events Calendar Pro
Version
*-6.4.0
SystemWordPress Plugin
≫
Produkt
The Events Calendar
Version
*-6.4.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Tri ≫ The Events Calendar SwPlatformwordpress Version < 6.4.0.1
Tri ≫ The Events Calendar Editionpro SwPlatformwordpress Version < 6.4.0.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.12% | 0.775 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|