CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*

Configuration 2 (hide)

cpe:2.3:a:tri:the_events_calendar:*:*:pro:*:*:wordpress:*:*

History

No history.

Information

Published : 2024-06-14 06:15

Updated : 2024-11-21 08:50

NVD link : CVE-2024-1295

Mitre link : CVE-2024-1295

CVE.ORG link : CVE-2024-1295

JSON object : View

Products Affected

tri

the_events_calendar

CWE

NVD-CWE-Other

{"id": "CVE-2024-1295", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-06-14T06:15:10.937", "references": [{"url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)"}, {"lang": "es", "value": "El complemento events-calendar-pro de WordPress anterior a 6.4.0.1, el complemento Events Calendar WordPress anterior a 6.4.0.1 no impide que los usuarios con al menos el rol de colaborador filtren detalles sobre eventos a los que no deber\u00edan tener acceso. (por ejemplo, eventos protegidos con contrase\u00f1a, borradores, etc.)"}], "lastModified": "2024-11-21T08:50:15.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:*:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "10690677-7DF4-4F8D-883E-86BCE8A1C591", "versionEndExcluding": "6.4.0.1"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tri:the_events_calendar:*:*:pro:*:*:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "2CE12E8D-36C5-4F0E-84AB-345AFAC81079", "versionEndExcluding": "6.4.0.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}