1 results (0.004 seconds)
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0
CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2024-8700 – Event Calendar <= 1.0.4 - Missing Authorization to Unauthenticated Arbitrary Calendar Deletion
https://notcve.org/view.php?id=CVE-2024-8700
The Event Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 1.0.4. This makes it possible for unauthenticated attackers to delete arbitrary calendars created by the plugin. • CWE-862: Missing Authorization •