Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbKrzysztof Zając (CERT PL)WPVDB-ID:229273E6-E849-447F-A95A-0730969ECDAE
HistoryNov 23, 2023 - 12:00 a.m.

The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

2023-11-2300:00:00
Krzysztof Zając (CERT PL)
wpscan.com
23
events calendar
unauthenticated access
password protection
post disclosure
security vulnerability

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON

Description The plugin discloses the content of password protected posts to unauthenticated users via a crafted request

PoC

Append “?view=single-event” to a password protected post, then view the source of the page and find the post content disclosed in

Related

prion 1
nvd 1
openvas 1
cvelist 1
cve 1
wpexploit 1
prion
prion
Cross site request forgery (csrf)
2023-12-18 20:15:00
nvd
nvd
CVE-2023-6203
2023-12-18 20:15:08
openvas
openvas
WordPress The Events Calendar Plugin < 6.2.8.1 Information Disclosure Vulnerability
2023-12-20 00:00:00
cvelist
cvelist
CVE-2023-6203 The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
2023-12-18 20:07:53
cve
cve
CVE-2023-6203
2023-12-18 20:15:08
wpexploit
wpexploit
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
2023-11-23 00:00:00

AI Score

6.6

Confidence

High

EPSS

0.001

Percentile

37.3%

JSON
Related for WPVDB-ID:229273E6-E849-447F-A95A-0730969ECDAE
prion1nvd1openvas1cvelist1cve1wpexploit1