CVE-2024-8700

7.5 HIGH

📋 TL;DR

CVE-2024-8700 is an authorization bypass vulnerability in the Event Calendar WordPress plugin that allows unauthenticated attackers to delete arbitrary calendars. This affects all WordPress sites running Event Calendar plugin version 1.0.4 or earlier. The vulnerability exists because the plugin fails to verify user permissions before processing delete requests.

💻 Affected Systems

Products:
  • WordPress Event Calendar plugin
Versions: through 1.0.4
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with the vulnerable plugin version are affected regardless of configuration.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete destruction of all calendar data, potential website defacement if calendars are displayed prominently, and disruption of business operations that rely on calendar functionality.

🟠 Likely Case

Malicious actors deleting important event calendars, causing data loss and requiring restoration from backups.

🟢 If Mitigated

Minimal impact if proper access controls, web application firewalls, and monitoring are in place to detect and block unauthorized delete requests.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires no authentication and minimal technical skill to exploit via simple HTTP requests.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.0.5 or later

Vendor Advisory: https://wpscan.com/vulnerability/8c48b657-afa1-45e6-ada6-27ee58185143/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the Event Calendar plugin.
4. Click 'Update Now' if available.
5. Alternatively, download version 1.0.5+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Disable Plugin (platform: all)

Temporarily disable the Event Calendar plugin until patched:

wp plugin deactivate event-calendar

Web Application Firewall Rule (platform: all)

Block unauthenticated DELETE/POST requests to calendar endpoints:

# Configure the WAF to block POST /wp-admin/admin-ajax.php?action=delete_calendar from unauthenticated clients (requests carrying no WordPress login cookie)

🧯 If You Can't Patch

  • Implement strict network segmentation to limit access to WordPress admin interfaces
  • Enable comprehensive logging and monitoring for unauthorized delete attempts on calendar endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Event Calendar version. If version is 1.0.4 or earlier, you are vulnerable.

Check Version:

wp plugin get event-calendar --field=version

Verify Fix Applied:

Confirm plugin version is 1.0.5 or later in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Unauthenticated POST requests to /wp-admin/admin-ajax.php with delete_calendar action
  • Multiple 200 OK responses to calendar delete endpoints from same IP

Network Indicators:

  • Unusual volume of POST requests to WordPress admin-ajax.php from external IPs
  • DELETE/POST requests to calendar endpoints without authentication cookies

SIEM Query:

source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" AND query_string="*delete_calendar*") AND user="-"
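As an added example (not part of the original advisory), the two log indicators above applied to constructed Apache/Nginx combined-format access-log lines: requests to admin-ajax.php with the delete_calendar action and no logged user are flagged, then counted per source IP when they returned 200 OK. It assumes the log's third field is the server's remote-user field, which is the user="-" condition the SIEM query relies on; the sample IPs, timestamps and user agents are made up.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl

# Constructed sample access-log lines (Apache/Nginx "combined" format), not real traffic.
# The third field is the logged remote user; "-" means no authenticated user was recorded.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Sep/2024:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=delete_calendar&id=3 HTTP/1.1" 200 27 "-" "curl/8.4.0"
203.0.113.7 - - [10/Sep/2024:12:00:02 +0000] "POST /wp-admin/admin-ajax.php?action=delete_calendar&id=4 HTTP/1.1" 200 27 "-" "curl/8.4.0"
203.0.113.7 - - [10/Sep/2024:12:00:03 +0000] "POST /wp-admin/admin-ajax.php?action=delete_calendar&id=5 HTTP/1.1" 200 27 "-" "curl/8.4.0"
198.51.100.4 - admin [10/Sep/2024:12:05:00 +0000] "POST /wp-admin/admin-ajax.php?action=delete_calendar&id=9 HTTP/1.1" 200 27 "https://example.test/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [10/Sep/2024:12:06:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 41 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Sep/2024:12:07:00 +0000] "POST /wp-admin/admin-ajax.php?action=delete_calendar&id=6 HTTP/1.1" 403 0 "-" "curl/8.4.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ "[^"]*" "[^"]*"$'
)
AJAX_PATH = "/wp-admin/admin-ajax.php"

def parse_line(line):
    """Parse one combined-format line into a dict; None if the line does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["path"], _, query = rec["target"].partition("?")
    rec["params"] = dict(parse_qsl(query))
    rec["status"] = int(rec["status"])
    return rec

def find_unauth_calendar_deletes(log_text):
    """First log indicator: POST/DELETE to admin-ajax.php with action=delete_calendar
    and no logged authenticated user (the SIEM query's user="-" condition)."""
    hits = []
    for rec in map(parse_line, log_text.splitlines()):
        if rec is None or rec["path"] != AJAX_PATH or rec["method"] not in ("POST", "DELETE"):
            continue
        if rec["params"].get("action") == "delete_calendar" and rec["user"] == "-":
            hits.append(rec)
    return hits

def successful_deletes_per_ip(hits, threshold=2):
    """Second indicator: source IPs with `threshold` or more 200 OK delete responses."""
    counts = Counter(h["ip"] for h in hits if h["status"] == 200)
    return {ip: n for ip, n in counts.items() if n >= threshold}
```

WordPress cookie logins do not populate the web server's remote-user field by default, so on most sites the user="-" filter only excludes HTTP basic-auth users and the per-IP count of successful deletes is the stronger signal.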
