PT-2025-48794 · Motopress+1 · Motopress+1
Brpsd
·
Published
2025-12-03
·
Updated
2025-12-03
·
CVE-2025-12954
CVSS v3.1
2.7
Low
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Timetable and Event Schedule by MotoPress WordPress plugin versions prior to 2.4.16
Description
The Timetable and Event Schedule by MotoPress WordPress plugin does not properly verify user access to specific events during the duplication process. This can lead to unauthorized disclosure of event information to users with a Contributor role or higher. The issue allows arbitrary event disclosure.
Recommendations
Update the Timetable and Event Schedule by MotoPress WordPress plugin to version 2.4.16 or later.
Exploit
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Motopress
Timetable/Event Schedule