Vulnerabilities > CVE-2021-25025 - Unspecified vulnerability in Theeventscalendar Eventcalendar
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
NONE Integrity impact
LOW Availability impact
NONE Summary
The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 1 |