CVE-2024-8700 | THREATINT

Description

The Event Calendar WordPress plugin through 1.0.4 does not check for authorization on delete actions, allowing unauthenticated users to delete arbitrary calendars.

PUBLISHED Reserved 2024-09-11 | Published 2025-05-15 | Updated 2025-08-27 | Assigner WPScan

Problem types

CWE-862 Missing Authorization

Product status

Default status

affected

Any version

affected

Credits

Bob Matyas finder

WPScan coordinator

References

wpscan.com/...rability/8c48b657-afa1-45e6-ada6-27ee58185143/ exploit

wpscan.com/...rability/8c48b657-afa1-45e6-ada6-27ee58185143/ exploit vdb-entry technical-description

cve.org (CVE-2024-8700)

nvd.nist.gov (CVE-2024-8700)

Download JSON