PT-2025-21531 · WordPress · The Events Calendar

Bob Matyas · Published 2025-05-15 · Updated 2025-05-15 · CVE-2024-8700

CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions: The Event Calendar WordPress plugin versions 1.0.0 through 1.0.4

Description: The plugin does not perform authorization checks on delete actions, allowing unauthenticated users to delete arbitrary calendars. Without that validation, any user, regardless of authentication status, can perform deletion actions on calendars.

Recommendations: For The Event Calendar WordPress plugin versions 1.0.0 through 1.0.4, consider disabling the delete action functionality until a patch is available to prevent unauthorized calendar deletions. Restrict access to calendar management features to minimize the risk of exploitation. Avoid using the delete functionality in the affected plugin until the issue is resolved.
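
What a delete handler looks like once the checks the description reports as absent are in place, as an added PHP example that is not the plugin's own code. The `evcal_` names, the table, the admin page slug and the choice of the `manage_options` capability are assumptions made for illustration.

```php
<?php
// Added illustration; every "evcal_" name, the table and the page slug are hypothetical.

// admin-post.php fires admin_post_{action} for logged-in users and
// admin_post_nopriv_{action} for anonymous ones. Only the first is
// registered, so anonymous requests never reach the handler.
add_action( 'admin_post_evcal_delete_calendar', 'evcal_handle_delete_calendar' );

function evcal_handle_delete_calendar() {
    // State-changing action: accept POST only.
    if ( 'POST' !== $_SERVER['REQUEST_METHOD'] ) {
        wp_die( 'Method not allowed.', '', array( 'response' => 405 ) );
    }

    // Authorization: being logged in is not enough, the user must hold
    // a capability that covers calendar management (assumed here).
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'You are not allowed to delete calendars.', '', array( 'response' => 403 ) );
    }

    // Input validation: the ID must be a positive integer.
    $calendar_id = isset( $_POST['calendar_id'] ) ? absint( $_POST['calendar_id'] ) : 0;
    if ( 0 === $calendar_id ) {
        wp_die( 'Invalid calendar ID.', '', array( 'response' => 400 ) );
    }

    // CSRF: nonce bound to this action and this calendar; dies on failure.
    check_admin_referer( 'evcal_delete_calendar_' . $calendar_id );

    global $wpdb;
    $wpdb->delete(
        $wpdb->prefix . 'evcal_calendars',   // hypothetical table name
        array( 'id' => $calendar_id ),
        array( '%d' )
    );

    wp_safe_redirect( admin_url( 'admin.php?page=evcal-calendars&deleted=1' ) );
    exit;
}
```

The form that posts to this handler has to emit the matching nonce with `wp_nonce_field( 'evcal_delete_calendar_' . $calendar_id )`, otherwise `check_admin_referer()` rejects legitimate requests as well.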

Related Identifiers: CVE-2024-8700

Affected Products: The Events Calendar