CVSS: 8.5EPSS: 0%CPEs: 1EXPL: 0CVE-2023-36520 – WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR)
https://notcve.org/view.php?id=CVE-2023-36520
27 Jun 2023 — Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12. Vulnerabilidad de omisión de autorización a través de clave controlada por el usuario en MarketingFire Editorial Calendar. Este problema afecta a Editorial Calendar: desde n/a hasta 3.7.12. The Editorial Calendar plugin for WordPress is vulnerable to insecure direct object reference in versions up to, and including, 3.7.12. This is due to insuffic... • https://patchstack.com/database/vulnerability/editorial-calendar/wordpress-editorial-calendar-plugin-3-7-12-insecure-direct-object-references-idor-vulnerability?_s_id=cve • CWE-639: Authorization Bypass Through User-Controlled Key •