CVE-2021-24583

The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events. Furthermore, no CSRF check is in place as well, allowing such attack to be performed via CSRF against a logged in with such capability
References
Configurations

Configuration 1

cpe:2.3:a:motopress:timetable_and_event_schedule:*:*:*:*:*:wordpress:*:*

Information

Published : 2021-09-20 10:15

Updated : 2022-10-25 06:37


NVD link : CVE-2021-24583

Mitre link : CVE-2021-24583

Products Affected
No products.
CWE