Access Control Vulnerability in Event Organiser Plugin by Stephen Harris
CVE-2025-69012
4.3MEDIUM
What is CVE-2025-69012?
The Event Organiser plugin, developed by Stephen Harris, has a missing authorization vulnerability that allows for exploitation due to incorrectly configured access control security levels. This vulnerability could lead to unauthorized actions or data exposure for users with inadequate permissions. Affected versions span from not applicable to version 3.12.8, posing a security risk for those utilizing this plugin on their WordPress sites. Proper security measures are essential to mitigate this risk.
Affected Version(s)
Event Organiser 0 <= 3.12.8