Description
Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
Published: 2025-09-22
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The CP Multi View Event Calendar plugin contains a missing authorization flaw (CWE-862) that allows attackers to access and alter event calendar data beyond their permitted scope. This could expose sensitive event details, modify schedules, or disrupt event registrations, impacting confidentiality, integrity, and potentially availability of the calendar component.

Affected Systems

WordPress sites deploying codepeople's CP Multi View Event Calendar plugin, any version up to and including 1.4.35, are affected.

Risk and Exploitability

With a CVSS score of 3.8 the vulnerability is low severity, and EPSS indicates a less than 1% likelihood of exploitation. The exploit would likely be carried out through the plugin’s web interface, requiring access to an authenticated user session with insufficiently restricted permissions. Although it is not currently in CISA KEV, sites should not ignore it, as improper access controls could be leveraged for broader malicious activity.

Generated by OpenCVE AI on April 30, 2026 at 06:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the CP Multi View Event Calendar plugin to the latest release that fixes the access control issue.
  • If no update is available, temporarily disable or remove the plugin from the WordPress installation.
  • Adjust the plugin’s configuration to enforce the minimum necessary permissions for event data, ensuring that only authorized users can view or modify calendar entries.

Generated by OpenCVE AI on April 30, 2026 at 06:37 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-30621 Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32.
History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36. Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
Title WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Broken Access Control vulnerability WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Broken Access Control vulnerability

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35. Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.36.
Title WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Broken Access Control vulnerability WordPress CP Multi View Event Calendar plugin <= 1.4.36 - Broken Access Control vulnerability
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32. Missing Authorization vulnerability in codepeople CP Multi View Event Calendar cp-multi-view-calendar allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CP Multi View Event Calendar : from n/a through <= 1.4.35.
Title WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability WordPress CP Multi View Event Calendar plugin <= 1.4.35 - Broken Access Control vulnerability
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}

Tue, 30 Sep 2025 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 23 Sep 2025 16:15:00 +0000

Type Values Removed Values Added
First Time appeared Cp Multi View Event Calendar Project
Cp Multi View Event Calendar Project cp Multi View Event Calendar
Wordpress
Wordpress wordpress
Vendors & Products Cp Multi View Event Calendar Project
Cp Multi View Event Calendar Project cp Multi View Event Calendar
Wordpress
Wordpress wordpress

Mon, 22 Sep 2025 18:30:00 +0000

Type Values Removed Values Added
Description Missing Authorization vulnerability in codepeople CP Multi View Event Calendar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects CP Multi View Event Calendar : from n/a through 1.4.32.
Title WordPress CP Multi View Event Calendar Plugin <= 1.4.32 - Broken Access Control Vulnerability
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L'}

Subscriptions

Cp Multi View Event Calendar Project Cp Multi View Event Calendar
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:40.680Z

Reserved: 2025-08-22T11:37:41.965Z

Link: CVE-2025-58009

cve-icon Vulnrichment

Updated: 2025-09-30T19:53:51.276Z

cve-icon NVD

Status : Deferred

Published: 2025-09-22T19:16:02.460

Modified: 2026-04-28T19:34:02.307

Link: CVE-2025-58009

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T06:45:16Z

Weaknesses