Event Calendar
1 CVEs
product
Monthly
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
Information Disclosure
Event Calendar
NVD
WPScan
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0%
CVSS 7.5
HIGH
POC
This Month
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
WordPress
Information Disclosure
Event Calendar
NVD
WPScan