CVE-2021-24583
Timetable and Event Schedule by MotoPress < 2.4.2 - Unauthorised Event TimeSlot Deletion
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in with such capability
El plugin Timetable and Event Schedule de WordPress versiones anteriores a 2.4.2, no presenta un control de acceso apropiado cuando se elimina una franja horaria, permitiendo a cualquier usuario con la capacidad edit_posts (contributor+) eliminar una franja horaria arbitraria de cualquier evento. Además, no se presenta una comprobación de CSRF, permitiendo llevar a cabo dicho ataque por medio de un ataque de tipo CSRF contra un usuario con dicha capacidad
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-01-14 CVE Reserved
- 2021-08-23 CVE Published
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- 2024-12-17 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-284: Improper Access Control
- CWE-352: Cross-Site Request Forgery (CSRF)
CAPEC
References (1)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://wpscan.com/vulnerability/7aec4ef4-db3b-41fb-9177-88ce9d37bca6 | 2024-08-03 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Motopress Search vendor "Motopress" | Timetable And Event Schedule Search vendor "Motopress" for product "Timetable And Event Schedule" | < 2.4.2 Search vendor "Motopress" for product "Timetable And Event Schedule" and version " < 2.4.2" | wordpress |
Affected
|