CVE-2024-1295

EUVD-2024-17056
The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 75%
Affected Products (NVD)
VendorProductVersion
trithe_events_calendar
𝑥
< 6.4.0.1
trithe_events_calendar
𝑥
< 6.4.0.1
𝑥
= Vulnerable software versions
Early Detection
Affected products identified ahead of NVD analysis through intelligence sources.
VendorProductVersionSource
theeventscalendarthe_events_calendar
𝑥
< 6.4.0.1
ADP
theeventscalendarevents_calendar_pro
𝑥
< 6.4.0.1
ADP
References
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/