CVE-2025-12954 – Timetable and Event Schedule by MotoPress < 2.4.16 – Contributor+ Event Disclosure via IDOR

CVE ID : CVE-2025-12954

Published : Dec. 3, 2025, 6 a.m. | 26 minutes ago

Description : The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify a user has access to a specific event when duplicating, leading to arbitrary event disclosure when to users with a role as low as Contributor.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…