CVE-2023-4252

CWE-12843 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 72.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Eventprime Metagauss Eventprime

Timeline

PublishedNov 27

Description

The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/eventprime3.2.9

▶NVDmetagauss/eventprime3.2.9

🔴Vulnerability Details

CVEList

EventPrime <= 3.2.9 - Booking Pricing Bypass↗2023-11-27

▶

GHSA

GHSA-cjmg-pmr3-7c35: The EventPrime WordPress plugin through 3↗2023-11-27

▶