Motopress

Timetable And Event Schedule

10 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
2.7

CVE-2025-12954

Exploit
  • EPSS 0.04%
  • Veröffentlicht 03.12.2025 06:00:05
  • Zuletzt bearbeitet 09.01.2026 21:16:11

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

9.8

CVE-2020-36840

  • EPSS 0.36%
  • Veröffentlicht 16.10.2024 08:15:03
  • Zuletzt bearbeitet 30.10.2024 21:06:30

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. Th...

5.5

CVE-2024-39630

  • EPSS 0.16%
  • Veröffentlicht 01.08.2024 21:15:29
  • Zuletzt bearbeitet 02.08.2024 12:59:43

Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13.

9.9

CVE-2024-3342

  • EPSS 0.31%
  • Veröffentlicht 27.04.2024 09:15:09
  • Zuletzt bearbeitet 21.11.2024 09:29:25

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplie...

6.1

CVE-2022-2843

  • EPSS 0.31%
  • Veröffentlicht 16.08.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:47

A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argu...

6.1

CVE-2022-2844

  • EPSS 0.22%
  • Veröffentlicht 16.08.2022 19:15:08
  • Zuletzt bearbeitet 21.11.2024 07:01:47

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 ...

4.3

CVE-2021-24583

Exploit
  • EPSS 0.09%
  • Veröffentlicht 20.09.2021 10:15:08
  • Zuletzt bearbeitet 21.11.2024 05:53:21

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no...

5.4

CVE-2021-24584

Exploit
  • EPSS 0.12%
  • Veröffentlicht 20.09.2021 10:15:08
  • Zuletzt bearbeitet 21.11.2024 05:53:21

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events. Furthermore, no...

6.5

CVE-2021-24585

Exploit
  • EPSS 0.56%
  • Veröffentlicht 20.09.2021 10:15:08
  • Zuletzt bearbeitet 21.11.2024 05:53:21

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the Timeslot in the response when requesting the event Ti...

5.4

CVE-2021-24724

Exploit
  • EPSS 0.25%
  • Veröffentlicht 13.09.2021 18:15:18
  • Zuletzt bearbeitet 21.11.2024 05:53:38

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks against frontend and backend users when viewing the rel...