CVE-2024-37518 — Cross-Site Request Forgery in THE Events Calendar

CWE-352 — Cross-Site Request Forgery3 documents3 sources

Severity

—N/A

No vector

EPSS

0.1%

top 76.00%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Stellarwp THE Events Calendar

Timeline

PublishedJan 2

Description

Cross-Site Request Forgery (CSRF) vulnerability in StellarWP The Events Calendar the-events-calendar allows Cross Site Request Forgery.This issue affects The Events Calendar: from n/a through <= 6.5.1.4.

Affected Packages1 packages

▶CVEListV5stellarwp/the_events_calendar6.5.1.4

🔴Vulnerability Details

CVEList

WordPress The Events Calendar plugin <= 6.5.1.4 - Cross Site Request Forgery (CSRF) vulnerability↗2025-01-02

▶

GHSA

GHSA-2gfq-j83r-h8jp: Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar The Events Calendar allows Cross Site Request Forgery↗2025-01-02

▶