CVE-2024-8700
HIGHDescription
The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.
Is your site exposed to CVE-2024-8700?
Run a free security scan — no signup, results in seconds.
CVSS v3.1 Score
Affected Products
| Vendor | Product |
|---|---|
| total-soft | event_calendar |
References
Frequently Asked Questions
What is CVE-2024-8700? +
How severe is CVE-2024-8700? +
What products are affected by CVE-2024-8700? +
How do I check if I'm vulnerable to CVE-2024-8700? +
Related Vulnerabilities
The TS Poll – Survey, Versus Poll, Image Poll, Video Poll plugin for WordPress is vulnerable to SQL Injection via …
The TS Poll WordPress plugin before 2.4.0 does not sanitize and escape a parameter before using it in a SQL …
The Video Gallery – Best WordPress YouTube Gallery Plugin plugin for WordPress is vulnerable to time-based SQL Injection via the …
The Video Gallery – Best WordPress YouTube Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings …