5 matches found
CVE-2023-4252
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
CVE-2023-4252
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
CVE-2023-4252
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
CVE-2023-4252
The CVE concerns the EventPrime WordPress plugin (up to version 3.2.9). The root cause is that the client request can specify the price of a booking, enabling an attacker to complete a booking without paying. Public docs corroborate the existence of a payment bypass vulnerability and provide a Po...
CVE-2023-4252 EventPrime <= 3.2.9 - Booking Pricing Bypass
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...