Lucene search
HistoryJan 22, 2024 - 8:15 p.m.
CVE-2023-6447
cve-2023-6447
eventprime
wordpress plugin
authentication
authorization
unauthenticated access
private events
password protection
security vulnerability
nvd
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.0%
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Affected configurations
Node
metagausseventprimeRange<3.3.6
| Vendor | Product | Version | CPE |
|---|---|---|---|
| metagauss | eventprime | * | cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:*:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "EventPrime",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.3.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
nvd
nvd
CVE-2023-6447
2024-01-22 20:15:47
wpvulndb
wpvulndb
EventPrime < 3.3.6 - Unauthenticated Event Access
2023-12-29 00:00:00
cvelist
cvelist
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access
2024-01-22 19:14:30
prion
prion
Authorization
2024-01-22 20:15:00
wpexploit
wpexploit
EventPrime < 3.3.6 - Unauthenticated Event Access
2023-12-29 00:00:00
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.0005 Low
EPSS
Percentile
17.0%
Related for CVE-2023-6447