CVE-2024-1295

The events-calendar-pro WordPress plugin before 6.4.0.1, The Events Calendar WordPress plugin before 6.4.0.1 does not prevent users with at least the contributor role from leaking details about events they shouldn't have access to. (e.g. password-protected events, drafts, etc.)
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
WPScanCNA
---
---
CISA-ADPADP
6.5 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
VendorProductVersion
theeventscalendarthe_events_calendar
𝑥
< 6.4.0.1
theeventscalendarevents_calendar_pro
𝑥
< 6.4.0.1
trithe_events_calendar
𝑥
< 6.4.0.1
trithe_events_calendar
𝑥
< 6.4.0.1
𝑥
= Vulnerable software versions
References
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/
https://wpscan.com/vulnerability/3cffbeb0-545a-4002-b02c-0fa38cada1db/