exploitDog

CVE-2024-1295

Опубликовано: 14 июн. 2024

Источник: nvd

CVSS3: 6.5

EPSS Низкий

Описание

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)

Ссылки

https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/
Exploit
Third Party Advisory
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*

Версия до 6.4.0.1 (исключая)

Конфигурация 2

cpe:2.3:a:tri:the_events_calendar:*:*:pro:*:*:wordpress:*:*

Версия до 6.4.0.1 (исключая)

EPSS

Процентиль: 78%

0.01115

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-Other

Связанные уязвимости

GHSA-66gp-w3xm-x3cc

CVSS3: 6.5

github

больше 1 года назад

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)

EPSS

Процентиль: 78%

0.01115

Низкий

6.5 Medium

CVSS3

Дефекты

NVD-CWE-Other