CVE-2024-8700

Exploit

EPSS 0.39%
Veröffentlicht 15.05.2025 20:15:59
Zuletzt bearbeitet 04.06.2025 20:07:46
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Event Calendar <= 1.0.4 - Unauthenticated Arbitrary Calendar Deletion

Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

Mögliche Gegenmaßnahme

Event Calendar: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Total-soft ≫ Event Calendar SwPlatformwordpress Version <= 1.0.4

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Event Calendar

Version *-1.0.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.39%	0.302

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9694f4e0-be99-4122-82d2-b22e7422c877

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8700

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8700

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8700

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-8700