CVSS: 6.4EPSS: 0%CPEs: 1EXPL: 0CVE-2024-43143 – WordPress Registrations for the Events Calendar plugin <= 2.12.1 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-43143
07 Aug 2024 — Missing Authorization vulnerability in Roundup WP Registrations for the Events Calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Registrations for the Events Calendar: from n/a through 2.12.1. The Registrations for the Events Calendar plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the rtec_process_form_submission() and rtec_records_edit() functions in versions up to, and including, 2.12.1. This ma... • https://patchstack.com/database/vulnerability/registrations-for-the-events-calendar/wordpress-registrations-for-the-events-calendar-plugin-2-12-1-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-39638 – WordPress Registrations for the Events Calendar plugin <= 2.12.2 - SQL Injection vulnerability
https://notcve.org/view.php?id=CVE-2024-39638
30 Jul 2024 — Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roundup WP Registrations for the Events Calendar allows SQL Injection.This issue affects Registrations for the Events Calendar: from n/a through 2.12.2. The Registrations for the Events Calendar – Event Registration Plugin plugin for WordPress is vulnerable to SQL Injection in all versions up to, and including, 2.12.2 due to insufficient escaping on the user supplied parameter and lack of sufficient prepara... • https://patchstack.com/database/vulnerability/registrations-for-the-events-calendar/wordpress-registrations-for-the-events-calendar-plugin-2-12-2-sql-injection-vulnerability?_s_id=cve • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •