7.5

CVE-2024-8700

Exploit

EPSS 0.31%
Veröffentlicht 15.05.2025 20:15:59
Zuletzt bearbeitet 04.06.2025 20:07:46
Quelle contact@wpscan.com
CVE-Watchlists
Login
Unerledigt
Login

Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

Mögliche Gegenmaßnahme

Event Calendar: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 0 Referenzen 5

Weitere Schwachstelleninformationen

SystemWordPress Plugin

≫

Produkt Event Calendar

Version *-1.0.4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Total-soft ≫ Event Calendar SwPlatformwordpress Version <= 1.0.4

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.54

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Es wurden noch keine Informationen zu CWE veröffentlicht.

https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/

Third Party Advisory

Exploit

https://www.wordfence.com/threat-intel/vulnerabilities/id/9694f4e0-be99-4122-82d2-b22e7422c877

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-8700

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-8700

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-8700

EUVD