CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36840

The Timetable and Event Schedule by MotoPress plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the wp_ajax_route_url() function called via a nopriv AJAX action in versions up to, and including, 2.3.8. This makes it possible for unauthenticated attackers to call that function and perform a wide variety of actions such as including random template, injecting malicious web scripts, and more.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.005

EPSS Ranking 65.0%

CVSS Severity

CVSS v3 Score 7.3

References

Products affected by CVE-2020-36840

Motopress » Timetable And Event Schedule » Version: N/A

cpe:2.3:a:motopress:timetable_and_event_schedule:-
Motopress » Timetable And Event Schedule » Version: 1.0.3

cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.3
Motopress » Timetable And Event Schedule » Version: 1.0.4

cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.4
Motopress » Timetable And Event Schedule » Version: 1.0.5

cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.5
Motopress » Timetable And Event Schedule » Version: 1.0.6

cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.6
Motopress » Timetable And Event Schedule » Version: 1.0.7

cpe:2.3:a:motopress:timetable_and_event_schedule:1.0.7
Motopress » Timetable And Event Schedule » Version: 1.1.0

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.0
Motopress » Timetable And Event Schedule » Version: 1.1.2

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.2
Motopress » Timetable And Event Schedule » Version: 1.1.3

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.3
Motopress » Timetable And Event Schedule » Version: 1.1.4

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.4
Motopress » Timetable And Event Schedule » Version: 1.1.5

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.5
Motopress » Timetable And Event Schedule » Version: 1.1.6

cpe:2.3:a:motopress:timetable_and_event_schedule:1.1.6
Motopress » Timetable And Event Schedule » Version: 1.4.06

cpe:2.3:a:motopress:timetable_and_event_schedule:1.4.06
Motopress » Timetable And Event Schedule » Version: 2.0.0

cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.0
Motopress » Timetable And Event Schedule » Version: 2.0.1

cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.1
Motopress » Timetable And Event Schedule » Version: 2.0.2

cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.2
Motopress » Timetable And Event Schedule » Version: 2.0.3

cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.3
Motopress » Timetable And Event Schedule » Version: 2.0.4

cpe:2.3:a:motopress:timetable_and_event_schedule:2.0.4
Motopress » Timetable And Event Schedule » Version: 2.1.0

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.0
Motopress » Timetable And Event Schedule » Version: 2.1.1

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.1
Motopress » Timetable And Event Schedule » Version: 2.1.10

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.10
Motopress » Timetable And Event Schedule » Version: 2.1.11

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.11
Motopress » Timetable And Event Schedule » Version: 2.1.12

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.12
Motopress » Timetable And Event Schedule » Version: 2.1.2

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.2
Motopress » Timetable And Event Schedule » Version: 2.1.3

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.3
Motopress » Timetable And Event Schedule » Version: 2.1.4

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.4
Motopress » Timetable And Event Schedule » Version: 2.1.5

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.5
Motopress » Timetable And Event Schedule » Version: 2.1.6

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.6
Motopress » Timetable And Event Schedule » Version: 2.1.7

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.7
Motopress » Timetable And Event Schedule » Version: 2.1.8

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.8
Motopress » Timetable And Event Schedule » Version: 2.1.9

cpe:2.3:a:motopress:timetable_and_event_schedule:2.1.9
Motopress » Timetable And Event Schedule » Version: 2.2.0

cpe:2.3:a:motopress:timetable_and_event_schedule:2.2.0
Motopress » Timetable And Event Schedule » Version: 2.2.1

cpe:2.3:a:motopress:timetable_and_event_schedule:2.2.1
Motopress » Timetable And Event Schedule » Version: 2.3.0

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.0
Motopress » Timetable And Event Schedule » Version: 2.3.1

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.1
Motopress » Timetable And Event Schedule » Version: 2.3.2

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.2
Motopress » Timetable And Event Schedule » Version: 2.3.3

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.3
Motopress » Timetable And Event Schedule » Version: 2.3.4

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.4
Motopress » Timetable And Event Schedule » Version: 2.3.5

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.5
Motopress » Timetable And Event Schedule » Version: 2.3.6

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.6
Motopress » Timetable And Event Schedule » Version: 2.3.7

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.7
Motopress » Timetable And Event Schedule » Version: 2.3.8

cpe:2.3:a:motopress:timetable_and_event_schedule:2.3.8

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2020-36840

Products

Pricing

Contact Us