WP iCal Availability <= 1.0.3 – Missing Authorization | CVE 2023-46607 | Plugin Vulnerabilities

Description

The WP iCal Availability plugin for WordPress is vulnerable to unauthorized use of functionality due to a missing capability check on one of its functions in versions up to, and including, 1.0.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to invoke this function. The exact impact of this vulnerability is unknown.

Affects Plugins

wp-ical-availability

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/c38ac30d-95dc-415e-8ea6-507ed87d34db

Classification

Type

NO AUTHORISATION

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Abdi Pranata

Verified

No

WPVDB ID

542a6765-6925-4c12-9671-654df9c40b11

Timeline

Publicly Published

2023-10-24 (about 2 years ago)

Added

2023-11-23 (about 2 years ago)

Last Updated

2024-01-22 (about 2 years ago)

Other

Published

Title

Published

2025-08-25

Title

Page Manager for Elementor <= 2.0.5 - Missing Authorization

Published

2026-01-09

Title

Better Business Reviews < 0.1.2 - Missing Authorization

Published

2026-02-05

Title

GreenShift - Animation and Page Builder Blocks < 12.6.1 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure of AI API Keys and Stored Cross-Site Scripting via custom_css

Published

2026-01-07

Title

Speed Kit <= 2.0.2 - Missing Authorization

Published

2025-09-09

Title

PDF Generator for WordPress < 1.5.5 - Missing Authorization