exploitDog

CVE-2021-25025

Опубликовано: 17 янв. 2022

Источник: nvd

CVSS3: 4.3

CVSS2: 4

EPSS Низкий

Описание

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

Ссылки

https://wpscan.com/vulnerability/24fb4eb4-9fe1-4433-8844-8904eaf13c0e
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/24fb4eb4-9fe1-4433-8844-8904eaf13c0e
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:theeventscalendar:eventcalendar:*:*:*:*:*:wordpress:*:*

Версия до 1.1.51 (исключая)

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

CWE-352

Связанные уязвимости

GHSA-96vj-582q-cvqw

CVSS3: 4.3

github

около 4 лет назад

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

EPSS

Процентиль: 22%

0.00071

Низкий

4.3 Medium

CVSS3

4 Medium

CVSS2

Дефекты

CWE-352

CWE-352