Vulnerabilities

CVE-2025-12954

by Fred · 03/12/2025

The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

More information : https://wpscan.com/vulnerability/f15dd1ca-aa40-4d3b-9625-e3ace744374d/

Similar

Tags: Cybersecurity Alert