Vulnerabilities > Motopress > Timetable AND Event Schedule > 2.4.1

DATE CVE VULNERABILITY TITLE RISK
2021-09-20 CVE-2021-24583 Cross-Site Request Forgery (CSRF) vulnerability in Motopress Timetable and Event Schedule
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when deleting a timeslot, allowing any user with the edit_posts capability (contributor+) to delete arbitrary timeslot from any events.
network
low complexity
motopress CWE-352
4.3
4.3
2021-09-20 CVE-2021-24584 Cross-site Scripting vulnerability in Motopress Timetable and Event Schedule
The Timetable and Event Schedule WordPress plugin before 2.4.2 does not have proper access control when updating a timeslot, allowing any user with the edit_posts capability (contributor+) to update arbitrary timeslot from any events.
network
low complexity
motopress CWE-79
5.4
5.4