Security Advisory

CVE-2025-12954

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-12-03 06:00:05

Last updated 2026-01-09 20:09:23

Assigner WPScan

State PUBLISHED

Description

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

← Browse all CVEs View on cve.org ↗