CVE-2023-6447

CWE-284 — Improper Access Control3 documents3 sources

Severity

5.3MEDIUM

EPSS

0.1%

top 65.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Unknown Eventprime Metagauss Eventprime

Timeline

PublishedJan 22

Description

The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

▶CVEListV5unknown/eventprime< 3.3.6

▶NVDmetagauss/eventprime< 3.3.6

🔴Vulnerability Details

GHSA

GHSA-hx36-7gv6-g4jg: The EventPrime WordPress plugin before 3↗2024-01-22

▶

CVEList

EventPrime < 3.3.6 - Unauthenticated Event Access↗2024-01-22

▶