Description
WordPress Plugin Event Single Page Templates Addon For The Events Calendar is prone to a security bypass vulnerability. Exploiting this issue may allow attackers to perform otherwise restricted actions and subsequently download and extract a remote ZIP file on the blog, which can lead to remote code execution. WordPress Plugin Event Single Page Templates Addon For The Events Calendar version 1.5 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 1.6 or latest
References
Related Vulnerabilities
WordPress Plugin Claptastic Clap! Button Multiple Cross-Site Scripting Vulnerabilities (1.3)
WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.30)
MySQL CVE-2017-3465 Vulnerability (CVE-2017-3465)
WordPress Plugin Advanced Custom Fields (ACF) Cross-Site Scripting (4.4.3)
WordPress Plugin Content Aware Sidebars-Unlimited Widget Areas Security Bypass (3.8)