CVE-2023-4251

CWE-352 — Cross-Site Request Forgery (CSRF)3 documents3 sources

Severity

4.3MEDIUM

EPSS

0.1%

top 65.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Eventprime Metagauss Eventprime

Timeline

PublishedOct 31

Description

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/eventprime< 3.2.0

▶NVDmetagauss/eventprime< 3.2.0

🔴Vulnerability Details

GHSA

GHSA-p2rj-m2c8-2vm5: The EventPrime WordPress plugin before 3↗2023-10-31

▶

CVEList

EventPrime < 3.2.0 - Booking Creation via CSRF↗2023-10-31

▶