CVE-2024-8700

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
15/05/2025
Last modified:
04/06/2025

Description

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:total-soft:event_calendar:*:*:*:*:*:wordpress:*:* 1.0.4 (including)