Approved changes feed: RSS · Atom

cpe:2.3:a:motopress:timetable_and_event_schedule:*:*:*:*:*:*:*:*

part: a version: * update: *

VendorMotopress (6d317652-94c4-5c1f-ac88-5ca1ba2616b8)
ProductTimetable And Event Schedule (c35fd3b9-4559-57e6-80a3-5f840b13fad0)
Edition*
Language*
Software edition*
Target software*
Target hardware*
Other*
NotesImported from purl2cpe mapping

PURL mappings

PURLSourceLast updated
pkg:github/motopress/mp-timetable purl2cpe 2026-06-01 10:16:10.775275

Vulnerability references

IdentifiercpeApplicabilitySubmitteddb.gcve.eu detailsRationale
CVE:CVE-2024-39630 vulnerable 2026-06-08 06:41:51.245686 WordPress Timetable and Event Schedule by MotoPress plugin <= 2.4.13 - PHP Object Injection vulnerability
MEDIUM (5.5)
Deserialization of Untrusted Data vulnerability in MotoPress Timetable and Event Schedule allows Object Injection.This issue affects Timetable and Event Schedule: from n/a through 2.4.13.
Published: 2024-08-01T20:38:48.944Z
Updated: 2026-04-28T16:10:07.282Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-2844 vulnerable 2026-06-08 05:43:36.603771 MotoPress Timetable and Event Schedule Calendar cross site scripting
LOW (3.5)
A vulnerability classified as problematic has been found in MotoPress Timetable and Event Schedule up to 1.4.06. This affects an unknown part of the file /wp/?cpmvc_id=1&cpmvc_do_action=mvparse&f=datafeed&calid=1&month_index=1&method=adddetails&id=2 of the component Calendar Handler. The manipulation of the argument Subject/Location/Description leads to cross site scripting. It is possible to initiate the attack remotely. The associated identifier of this vulnerability is VDB-206487.
Published: 2022-08-16T18:50:29.000Z
Updated: 2025-04-15T13:49:43.053Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2022-2843 vulnerable 2026-06-08 05:43:36.602385 MotoPress Timetable and Event Schedule Quick Edit admin-ajax.php cross site scripting
LOW (3.5)
A vulnerability was found in MotoPress Timetable and Event Schedule. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /wp-admin/admin-ajax.php of the component Quick Edit. The manipulation of the argument post_title with the input <img src=x onerror=alert`2`> leads to cross site scripting. The attack may be launched remotely. VDB-206486 is the identifier assigned to this vulnerability.
Published: 2022-08-16T18:50:16.000Z
Updated: 2025-04-15T13:49:50.563Z
Reference links
Imported from gcve-enriched-dumps CVE data
CVE:CVE-2020-36840 vulnerable 2026-06-08 05:25:49.640393 Timetable and Event Schedule by MotoPress <= 2.3.8 - Missing Authorization
HIGH (7.3)
The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.
Published: 2024-10-16T07:31:50.702Z
Updated: 2026-04-08T17:10:41.851Z
Reference links
Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.