Vulnerabilities > CVE-2021-25025 - Unspecified vulnerability in Theeventscalendar Eventcalendar

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
NONE
Integrity impact
LOW
Availability impact
NONE
network
low complexity
theeventscalendar

Summary

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

Vulnerable Configurations

Part Description Count
Application
Theeventscalendar
1