Event Calendar – Calendar <= 1.4.6 is vulnerable to Unauthenticated Event Deletion

Unauthenticated

Published: 2022-08-24

The Event Calendar plugin for WordPress lacks authorization and capability checks on several of its functions reachable via AJAX actions in versions up to, and including, 1.4.6. This makes it possible for unauthenticated attackers to edit, clone, and delete events.

CVSS Score: 6.5

Severity: Medium

Version: 1.4.6

There is a patch available in v1.4.7 and we strongly recommend you update to this version as soon as possible.
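
The class of flaw described above (an AJAX handler with no authorization or capability check), shown beside a hardened form. This is an added illustration, not code from the Event Calendar plugin or its patch; every `demo_` name, the `demo_event` post type, the `nonce` field, the `wp_ajax_nopriv_` registration, and the assumption that events are stored as posts are hypothetical.

```php
<?php
// Added illustration: hypothetical plugin code, NOT taken from Event Calendar.
// All demo_* names and the 'demo_event' post type are invented for this example.

// BEFORE: the handler is reachable by anyone who can POST to admin-ajax.php.
add_action('wp_ajax_demo_delete_event', 'demo_delete_event_unchecked');
add_action('wp_ajax_nopriv_demo_delete_event', 'demo_delete_event_unchecked');

function demo_delete_event_unchecked() {
    // No nonce and no capability check: the caller's identity is never examined.
    $event_id = isset($_POST['event_id']) ? absint($_POST['event_id']) : 0;
    wp_delete_post($event_id, true);
    wp_send_json_success();
}

// AFTER: registered for logged-in users only, then verified inside the handler.
add_action('wp_ajax_demo_delete_event_safe', 'demo_delete_event_checked');

function demo_delete_event_checked() {
    // 1. CSRF: the request must carry the nonce issued with the admin form.
    //    check_ajax_referer() terminates the request if it does not verify.
    check_ajax_referer('demo_delete_event', 'nonce');

    $event_id = isset($_POST['event_id']) ? absint($_POST['event_id']) : 0;
    $post     = $event_id ? get_post($event_id) : null;

    // 2. Object check: only act on the plugin's own post type.
    if (!$post || $post->post_type !== 'demo_event') {
        wp_send_json_error(array('message' => 'Event not found'), 404);
    }

    // 3. Authorization: per-object capability, not merely "is logged in".
    if (!current_user_can('delete_post', $event_id)) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    if (!wp_delete_post($event_id, true)) {
        wp_send_json_error(array('message' => 'Delete failed'), 500);
    }
    wp_send_json_success(array('deleted' => $event_id));
}
```

The same three checks apply to any handler that edits or clones events; omitting the `wp_ajax_nopriv_` hook alone only requires a login and does not restrict which logged-in users may act.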