Jetmonsters Timetable And Event Schedule By Motopress vulnerabilities

CVE-2020-36840 [CRITICAL] CWE-862 CVE-2020-36840: The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization by The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety

CVE-2024-3342 [CRITICAL] CWE-89 CVE-2024-3342: The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection vi The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to SQL Injection via the 'events' attribute of the 'mp-timetable' shortcode in all versions up to, and including, 2.4.11 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for a