CVE-2024-8369Missing Authorization in Eventprime

CWE-862Missing Authorization3 documents3 sources
Severity
5.3MEDIUMNVD
EPSS
1.2%
top 21.26%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Metagauss Eventprime
Timeline
PublishedSep 10

Description

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages1 packages

NVDmetagauss/eventprime< 4.0.4.4

🔴Vulnerability Details

2
CVEList
EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure2024-09-10
GHSA
GHSA-8vgr-3wf8-f94v: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected even2024-09-10
CVE-2024-8369 — Missing Authorization in Eventprime | cvebase