Description
The WordPress plugin Calendar Event Multi View is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently create or delete arbitrary events. Version 1.4.06 of the plugin is vulnerable; prior versions may also be affected.
Remediation
Update the plugin to version 1.4.07 or the latest release.
References
https://sploitus.com/exploit?id=WPEX-ID:5F191D25-833B-4D8D-A4FF-D180A326DD82
https://sploitus.com/exploit?id=WPEX-ID:95F92062-08CE-478A-A2BC-6D026ADF657C
https://plugins.svn.wordpress.org/cp-multi-view-calendar/trunk/README.txt