Morelmathieuj

**Name of the Vulnerable Software and Affected Versions** Scheduler Widget versions prior to 0.1.7 **Description** The Scheduler Widget plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. The `scheduler widget ajax save event()` function does not adequately verify authorization or ownership when updating events. This allows authenticated attackers with Subscriber-level access or higher to modify any event in the scheduler by manipulating the `id` parameter, provided they know the event ID. **Recommendations** Update the Scheduler Widget plugin to version 0.1.7 or later.