Back to search
CVE-2025-12954
Published: Dec 3, 2025
Modified: Jan 9, 2026
PUBLISHED
Description
The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.
| Vendor | Product | Versions |
|---|---|---|
Unknown | Timetable and Event Schedule by MotoPress | affected 0 - < 2.4.16 |
References
https://wpscan.com/vulnerability/f15dd1ca-aa40-4d3b-9625-e3ace744374d/
exploit
vdb-entry
technical-description
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now