PT-2024-15868 · WordPress · Spiffy Calendar
Cyc707 · Published 2024-02-27 · Updated 2024-08-08 · CVE-2024-0855
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Spiffy Calendar WordPress plugin versions prior to 4.9.9
Description
The issue allows any user to alter the event author parameter when creating an event, which can deceive users and admins into believing that a page was created by a Contributor+.
Recommendations
For versions prior to 4.9.9, update to version 4.9.9 or later to resolve the issue. As a temporary workaround, consider restricting access to event creation to trusted users only until the update is applied.
Affected Products
Spiffy Calendar