Skip to main content

Timetable And Event Schedule

6 CVEs product

Monthly

CVE-2022-2844 MEDIUM This Month

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Timetable And Event Schedule
NVD VulDB
CVSS 3.1
6.1
EPSS
0.4%
CVE-2022-2843 MEDIUM This Month

A vulnerability was found in MotoPress Timetable and Event Schedule. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Timetable And Event Schedule
NVD VulDB
CVSS 3.1
6.1
EPSS
0.5%
CVE-2021-24585 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Timetable And Event Schedule
NVD WPScan
CVSS 3.1
6.5
EPSS
1.1%
CVE-2021-24584 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS Timetable And Event Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.5%
CVE-2021-24583 MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass Timetable And Event Schedule
NVD WPScan
CVSS 3.1
4.3
EPSS
1.6%
CVE-2021-24724 MEDIUM POC This Month

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Timetable And Event Schedule
NVD WPScan
CVSS 3.1
5.4
EPSS
0.9%
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS Timetable And Event Schedule
NVD VulDB
EPSS 0% CVSS 6.1
MEDIUM This Month

A vulnerability was found in MotoPress Timetable and Event Schedule. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XSS PHP Timetable And Event Schedule
NVD VulDB
EPSS 1% CVSS 6.5
MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.0 outputs the Hashed Password, Username and Email Address (along other less sensitive data) of the user related to the Even Head of the. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Timetable And Event Schedule
NVD WPScan
EPSS 0% CVSS 5.4
MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress XSS +1
NVD WPScan
EPSS 2% CVSS 4.3
MEDIUM POC This Month

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

CSRF WordPress Authentication Bypass +1
NVD WPScan
EPSS 1% CVSS 5.4
MEDIUM POC This Month

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.3.19 does not sanitise some of its parameters, which could allow low privilege users such as author to perform XSS attacks. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress XSS Timetable And Event Schedule
NVD WPScan

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy