All the vulnerabilites related to Unknown - The Events Calendar
cve-2024-4180
Vulnerability from cvelistv5
Published
2024-06-04 06:00
Modified
2024-08-01 20:33
Severity ?
EPSS score ?
Summary
The Events Calendar < 6.4.0.1 - Reflected XSS
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/ | exploit, vdb-entry, technical-description |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | The Events Calendar |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-4180",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-04T14:32:46.121435Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T17:55:12.437Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T20:33:52.970Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Marc Montpas"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Events Calendar WordPress plugin before 6.4.0.1 does not properly sanitize user-submitted content when rendering some views via AJAX."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-79 Cross-Site Scripting (XSS)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-04T06:00:02.616Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/b2a92316-e404-4a5e-8426-f88df6e87550/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Events Calendar \u003c 6.4.0.1 - Reflected XSS",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-4180",
"datePublished": "2024-06-04T06:00:02.616Z",
"dateReserved": "2024-04-25T13:15:44.143Z",
"dateUpdated": "2024-08-01T20:33:52.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-1295
Vulnerability from cvelistv5
Published
2024-06-14 06:00
Modified
2024-08-01 18:33
Severity ?
EPSS score ?
Summary
The Events Calendar (Free < 6.4.0.1, Pro < 6.4.0.1) - Contributor+ Arbitrary Events Access
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/ | exploit, vdb-entry, technical-description |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | events-calendar-pro | |
| Unknown | The Events Calendar |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:theeventscalendar:the_events_calendar:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "the_events_calendar",
"vendor": "theeventscalendar",
"versions": [
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"cpes": [
"cpe:2.3:a:theeventscalendar:events_calendar_pro:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unaffected",
"product": "events_calendar_pro",
"vendor": "theeventscalendar",
"versions": [
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2024-1295",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-07-16T16:55:05.896656Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-07-16T17:02:16.338Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-01T18:33:25.358Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "events-calendar-pro",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
},
{
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.4.0.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Scott Kingsley Clark"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn\u0027t have access to. (e.g. password-protected events, drafts, etc.)"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-14T06:00:02.149Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Events Calendar (Free \u003c 6.4.0.1, Pro \u003c 6.4.0.1) - Contributor+ Arbitrary Events Access",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2024-1295",
"datePublished": "2024-06-14T06:00:02.149Z",
"dateReserved": "2024-02-06T21:24:31.763Z",
"dateUpdated": "2024-08-01T18:33:25.358Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2023-6203
Vulnerability from cvelistv5
Published
2023-12-18 20:07
Modified
2024-08-02 08:21
Severity ?
EPSS score ?
Summary
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
References
| ▼ | URL | Tags |
|---|---|---|
| https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae | exploit, vdb-entry, technical-description |
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Unknown | The Events Calendar |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T08:21:17.837Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description",
"x_transferred"
],
"url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"collectionURL": "https://wordpress.org/plugins",
"defaultStatus": "unaffected",
"product": "The Events Calendar",
"vendor": "Unknown",
"versions": [
{
"lessThan": "6.2.8.1",
"status": "affected",
"version": "0",
"versionType": "semver"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Krzysztof Zaj\u0105c (CERT PL)"
},
{
"lang": "en",
"type": "coordinator",
"value": "WPScan"
}
],
"descriptions": [
{
"lang": "en",
"value": "The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request"
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "CWE-287 Improper Authentication",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-12-18T20:07:53.415Z",
"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"shortName": "WPScan"
},
"references": [
{
"tags": [
"exploit",
"vdb-entry",
"technical-description"
],
"url": "https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae"
}
],
"source": {
"discovery": "EXTERNAL"
},
"title": "The Events Calendar \u003c 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read",
"x_generator": {
"engine": "WPScan CVE Generator"
}
}
},
"cveMetadata": {
"assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81",
"assignerShortName": "WPScan",
"cveId": "CVE-2023-6203",
"datePublished": "2023-12-18T20:07:53.415Z",
"dateReserved": "2023-11-20T13:33:17.684Z",
"dateUpdated": "2024-08-02T08:21:17.837Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}