Security Advisory

CVE-2024-0855

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-02-27 08:30:29

Last updated 2024-08-08 20:36:38

Assigner WPScan

State PUBLISHED

Description

The Spiffy Calendar WordPress plugin before 4.9.9 doesnt check the event_author parameter, and allows any user to alter it when creating an event, leading to deceiving users/admins that a page was created by a Contributor+.

← Browse all CVEs View on cve.org ↗