CVE-2021-25025
N/A
N/A
Summary
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Unknown | EventCalendar | 1.1.51 < 1.1.51 | affected |
Weaknesses
- CWE-352: CWE-352 Cross-Site Request Forgery (CSRF)
- CWE-862: CWE-862 Missing Authorization
ADP Enrichment
CVE Program Container
Additional References
References
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.