Volerion logoVolerion
Volerion logoVolerion

Timetable and Event Schedule by MotoPress WordPress Plugin Event Disclosure Vulnerability

Vulnerability

A vulnerability exists in the Timetable and Event Schedule by MotoPress WordPress plugin in versions prior to 2.4.16. The issue arises because the plugin does not properly verify a user's access to specific events when duplicating them. This flaw allows users with a Contributor role to access and duplicate events they should not have permission to.

Impact

Exploitation of this vulnerability leads to unauthorized access and duplication of events by users with a Contributor role.

Reproduction

To reproduce this vulnerability, a user with a Contributor role can navigate to the WordPress admin event editor. By hovering over the 'duplicate' option for an event, the user can replace the event ID with that of another valid event. This action will result in a duplicate of the selected event being created.

Remediation

Users are advised to update the Timetable and Event Schedule by MotoPress WordPress plugin to version 2.4.16 or later.

Added: Dec 3, 2025, 6:16 AM
Updated: Dec 3, 2025, 6:16 AM

Vulnerability Rating

Custom Algorithm
spread
3.4
impact
2.5
exploitability
6.8
remediation
7.7
relevance
1.3
threat
6.4
urgency
2.9
incentive
1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.