exploitDog

CVE-2025-12954

Опубликовано: 03 дек. 2025

Источник: nvd

CVSS3: 2.7

EPSS Низкий

Описание

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

Ссылки

https://wpscan.com/vulnerability/f15dd1ca-aa40-4d3b-9625-e3ace744374d/

EPSS

Процентиль: 9%

0.00033

Низкий

2.7 Low

CVSS3

Дефекты

CWE-639

Связанные уязвимости

GHSA-c799-m99w-mpg7

CVSS3: 2.7

github

2 месяца назад

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

EPSS

Процентиль: 9%

0.00033

Низкий

2.7 Low

CVSS3

Дефекты

CWE-639