How to fix EUVD-2025-200729?

During next maintenance window: Apply vendor patches when convenient. Monitor vendor channels for updates.

Is PHP affected by EUVD-2025-200729?

CVE-2025-12954 is a low-severity vulnerability (CVSS 2.7). The limited severity suggests constrained impact, typically requiring specific conditions or local access for exploitation. Apply vendor updates when available as part of routine maintenance.

EUVD-2025-200729

| CVE-2025-12954 LOW

2025-12-03 [email protected]

Authentication Bypass WordPress PHP

2.7

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

None

Availability

None

Lifecycle Timeline

patch_available

Apr 16, 2026 - 05:29 EUVD

2.4.16

Analysis Generated

Mar 15, 2026 - 16:14 vuln.today

EUVD ID Assigned

Mar 15, 2026 - 16:14 euvd

EUVD-2025-200729

CVE Published

Dec 03, 2025 - 06:15 nvd

LOW 2.7

DescriptionNVD

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

AnalysisAI

A security vulnerability in Timetable and Event Schedule by MotoPress WordPress (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

Technical ContextAI

CWE-639 (Authorization Bypass (IDOR)). Affects Timetable and Event Schedule by MotoPress WordPress.

RemediationAI

Monitor vendor channels for patch availability.

EUVD-2025-200729 vulnerability details – vuln.today

Back

EUVD-2025-200729

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code