Lucene search
WPScanCVE-2023-6447HistoryJan 22, 2024 - 8:15 p.m.
CVE-2023-6447
2024-01-2220:15:47
WPScan
web.nvd.nist.gov
21
cve-2023-6447
eventprime
wordpress plugin
authentication
authorization
unauthenticated access
private events
password protection
security vulnerability
nvd
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Affected configurations
Node
metagausseventprimeRange<3.3.6wordpress
| Vendor | Product | Version | CPE |
|---|---|---|---|
| metagauss | eventprime | * | cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:* |
CNA Affected
[
{
"vendor": "Unknown",
"product": "EventPrime",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "3.3.6"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
EventPrime < 3.3.6 - Unauthenticated Event Access
2023-12-29 00:00:00
cvelist
cvelist
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access
2024-01-22 19:14:30
nvd
nvd
CVE-2023-6447
2024-01-22 20:15:47
prion
prion
Authorization
2024-01-22 20:15:00
wpexploit
wpexploit
EventPrime < 3.3.6 - Unauthenticated Event Access
2023-12-29 00:00:00
CVSS3
5.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
0.001
Percentile
17.0%
Related for CVE-2023-6447