CVE-2024-5333

Summary

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing for unauthenticated users to access information about password protected events.

Affected Software

VendorProductVersion RangeStatus
UnknownThe Events Calendar0 < 6.8.2.1affected

Weaknesses

  • CWE-639 Authorization Bypass Through User-Controlled Key

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: yes
    • Technical Impact: partial

References