Access Control Flaw in Events Calendar Plugin for WordPress
CVE-2024-5333
Key Information:
- Vendor: WordPress
- Status: Vendor
- CVE Published: 16 December 2024
Summary
CVE-2024-5333 is a security vulnerability affecting The Events Calendar plugin for WordPress in versions prior to 6.8.2.1. The plugin's REST API lacks proper access control checks, which allows unauthenticated users to read sensitive information about password-protected events. Attackers can exploit this to disclose confidential event details, potentially exposing personal information and compromising user privacy. Website administrators using affected versions are strongly advised to update to the latest release to mitigate this risk.
Affected Version(s)
- The Events Calendar: versions from 0 up to, but not including, 6.8.2.1
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that a vulnerability can be exploited. PoC code is also a key component of weaponization, which could lead to ransomware.
Timeline
- Public PoC available
- Exploit known to exist
Vulnerability published
Vulnerability Reserved