2.7
CVE-2025-12954
- EPSS 0.18%
- Veröffentlicht 03.12.2025 06:00:05
- Zuletzt bearbeitet 15.04.2026 00:35:42
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
Timetable and Event Schedule by MotoPress < 2.4.16 - Contributor+ Event Disclosure via IDOR
Timetable and Event Schedule by MotoPress <= 2.4.15 - Insecure Direct Object Reference to Authenticated (Contributor+) Event Disclosure
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.
Mögliche Gegenmaßnahme
Timetable and Event Schedule by MotoPress: Update to version 2.4.16, or a newer patched version
Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).
HerstellerUnknown
≫
Produkt
Timetable and Event Schedule by MotoPress
Default Statusunaffected
Version
0
Version <
2.4.16
Status
affected
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Timetable and Event Schedule by MotoPress
Version
*-2.4.15
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.074 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 2.7 | 1.2 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
|
CWE-639 Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
https://wpscan.com/vulnerability/f15dd1ca-aa40-4d3b-9625-e3ace744374d/
https://www.wordfence.com/threat-intel/vulnerabilities/id/74eecbe1-0563-48f9-9846-3c67d5833f8b