cve/2021/CVE-2021-25025.md
2024-05-25 21:48:12 +02:00

887 B

CVE-2021-25025

Description

The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

POC

Reference

Github

No PoCs found on GitHub currently.