The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
References
Link | Resource |
---|---|
https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/ | Exploit Third Party Advisory |
https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/ | Exploit Third Party Advisory |
Configurations
History
21 Nov 2024, 08:43
Type | Values Removed | Values Added |
---|---|---|
References | () https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/ - Exploit, Third Party Advisory |
26 Jan 2024, 19:43
Type | Values Removed | Values Added |
---|---|---|
CWE | NVD-CWE-Other | |
CPE | cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:* | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 5.3 |
References | () https://wpscan.com/vulnerability/e366881c-d21e-4063-a945-95e6b080a373/ - Exploit, Third Party Advisory |
22 Jan 2024, 20:28
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-22 20:15
Updated : 2024-11-21 08:43
NVD link : CVE-2023-6447
Mitre link : CVE-2023-6447
CVE.ORG link : CVE-2023-6447
JSON object : View
Products Affected
metagauss
- eventprime
CWE