Calj Shabbat Times

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2026-4117 MEDIUM This Month

Authenticated users with Subscriber-level access can modify the CalJ Shabbat Times plugin's API key and clear its cache due to missing authorization checks in the CalJSettingsPage class constructor. The vulnerability affects all versions up to and including 1.5, with no special network or interaction requirements beyond valid WordPress authentication. While CVSS 5.3 reflects moderate integrity impact, the practical risk depends on whether WordPress sites allow Subscriber-level registrations and whether the plugin's API key provides sensitive access to external services.

PHP Authentication Bypass WordPress Calj Shabbat Times
NVD
CVSS 3.1
5.3
EPSS
0.0%
CVE-2026-4117
EPSS 0% CVSS 5.3
MEDIUM This Month

Authenticated users with Subscriber-level access can modify the CalJ Shabbat Times plugin's API key and clear its cache due to missing authorization checks in the CalJSettingsPage class constructor. The vulnerability affects all versions up to and including 1.5, with no special network or interaction requirements beyond valid WordPress authentication. While CVSS 5.3 reflects moderate integrity impact, the practical risk depends on whether WordPress sites allow Subscriber-level registrations and whether the plugin's API key provides sensitive access to external services.

PHP Authentication Bypass WordPress +1
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy