Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-5333

Severity
5.3 MEDIUM
EPSS
8.4%
top 7.68%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
Published Dec 16

Description

The Events Calendar WordPress plugin before 6.8.2.1 is missing access checks in the REST API, allowing unauthenticated users to access information about password-protected events.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

🔴Vulnerability Details

2
CVEList
The Events Calendar < 6.8.2.1 - Unauthenticated Password Protected Event Disclosure (2024-12-16)
GHSA
GHSA-64v9-jgpj-cjqg: The Events Calendar WordPress plugin before 6 (2024-12-16)

💥Exploits & PoCs

1
Nuclei
WordPress Events Calendar 6.8.2.1 - Information Disclosure