Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for events-calendar-pro by Unknown

    CVE-2024-1295 (GCVE-0-2024-1295)

    Vulnerability from nvd – Published: 2024-06-14 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
    Summary
    The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/3cffbeb0-545a-40… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown events-calendar-pro Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    theeventscalendar the_events_calendar Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*
    Create a notification for this product.
    theeventscalendar events_calendar_pro Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Scott Kingsley Clark WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "the_events_calendar",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "events_calendar_pro",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T16:55:05.896656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T17:02:16.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "events-calendar-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Kingsley Clark"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn\u0027t have access to. (e.g. password-protected events, drafts, etc.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:24.293Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar (Free \u003c 6.4.0.1, Pro \u003c 6.4.0.1) - Contributor+ Arbitrary Events Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1295",
        "datePublished": "2024-06-14T06:00:02.149Z",
        "dateReserved": "2024-02-06T21:24:31.763Z",
        "dateUpdated": "2025-08-27T12:00:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }

    CVE-2024-1295 (GCVE-0-2024-1295)

    Vulnerability from cvelistv5 – Published: 2024-06-14 06:00 – Updated: 2025-08-27 12:00
    VLAI
    Title
    The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
    Summary
    The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
    SSVC
    Exploitation: poc Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    Assigner
    References
    URL Tags
    https://wpscan.com/vulnerability/3cffbeb0-545a-40… exploitvdb-entrytechnical-description
    Impacted products
    Vendor Product Version
    Unknown events-calendar-pro Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    Unknown The Events Calendar Affected: 0 , < 6.4.0.1 (semver)
    Create a notification for this product.
    theeventscalendar the_events_calendar Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*
    Create a notification for this product.
    theeventscalendar events_calendar_pro Affected: 0 , < 6.4.0.1 (semver)
        cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*
    Create a notification for this product.
    Credits
    Scott Kingsley Clark WPScan
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "affected": [
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "the_events_calendar",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              },
              {
                "cpes": [
                  "cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*"
                ],
                "defaultStatus": "unaffected",
                "product": "events_calendar_pro",
                "vendor": "theeventscalendar",
                "versions": [
                  {
                    "lessThan": "6.4.0.1",
                    "status": "affected",
                    "version": "0",
                    "versionType": "semver"
                  }
                ]
              }
            ],
            "metrics": [
              {
                "cvssV3_1": {
                  "attackComplexity": "LOW",
                  "attackVector": "NETWORK",
                  "availabilityImpact": "NONE",
                  "baseScore": 6.5,
                  "baseSeverity": "MEDIUM",
                  "confidentialityImpact": "HIGH",
                  "integrityImpact": "NONE",
                  "privilegesRequired": "LOW",
                  "scope": "UNCHANGED",
                  "userInteraction": "NONE",
                  "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
                  "version": "3.1"
                }
              },
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-1295",
                    "options": [
                      {
                        "Exploitation": "poc"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2024-07-16T16:55:05.896656Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2024-07-16T17:02:16.338Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          },
          {
            "providerMetadata": {
              "dateUpdated": "2024-08-01T18:33:25.358Z",
              "orgId": "af854a3a-2127-422b-91ae-364da2661108",
              "shortName": "CVE"
            },
            "references": [
              {
                "tags": [
                  "exploit",
                  "vdb-entry",
                  "technical-description",
                  "x_transferred"
                ],
                "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
              }
            ],
            "title": "CVE Program Container"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "events-calendar-pro",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            },
            {
              "defaultStatus": "unaffected",
              "product": "The Events Calendar",
              "vendor": "Unknown",
              "versions": [
                {
                  "lessThan": "6.4.0.1",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Scott Kingsley Clark"
            },
            {
              "lang": "en",
              "type": "coordinator",
              "value": "WPScan"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn\u0027t have access to. (e.g. password-protected events, drafts, etc.)"
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "description": "CWE-639 Authorization Bypass Through User-Controlled Key",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2025-08-27T12:00:24.293Z",
            "orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
            "shortName": "WPScan"
          },
          "references": [
            {
              "tags": [
                "exploit",
                "vdb-entry",
                "technical-description"
              ],
              "url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
            }
          ],
          "source": {
            "discovery": "EXTERNAL"
          },
          "title": "The Events Calendar (Free \u003c 6.4.0.1, Pro \u003c 6.4.0.1) - Contributor+ Arbitrary Events Access",
          "x_generator": {
            "engine": "WPScan CVE Generator"
          }
        }
      },
      "cveMetadata": {
        "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
        "assignerShortName": "WPScan",
        "cveId": "CVE-2024-1295",
        "datePublished": "2024-06-14T06:00:02.149Z",
        "dateReserved": "2024-02-06T21:24:31.763Z",
        "dateUpdated": "2025-08-27T12:00:24.293Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }