exploitDog

GHSA-96vj-582q-cvqw

Опубликовано: 18 янв. 2022

Источник: github

Github: Не прошло ревью

CVSS3: 4.3

Описание

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

Ссылки

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

CWE-862

Связанные уязвимости

CVE-2021-25025

CVSS3: 4.3

nvd

около 4 лет назад

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

CVE ID

Дефекты

CWE-352

CWE-862