VYPR
Unrated severityNVD Advisory· Published Jan 17, 2022· Updated Aug 3, 2024

Event Calendar < 1.1.51 - Subscriber+ Event Creation

CVE-2021-25025

Description

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.