CVE-2023-5519 EventPrime < 3.2.0 - Booking Creation via CSRF

2023-10-3113:54:44

WPScan

www.cve.org

cve-2023-5519

eventprime

wordpress

csrf

booking creation

AI Score

4.9

Confidence

High

EPSS

0.001

Percentile

17.0%

JSON

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EventPrime",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "3.2.0"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

References

wpscan.com/vulnerability/ce564628-3d15-4bc5-8b8e-60b71786ac19