2 matches found
CVE-2023-5519 EventPrime < 3.2.0 - Booking Creation via CSRF
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks...
CVE-2023-5519
The EventPrime WordPress plugin prior to version 3.2.0 lacks CSRF checks for booking creation, enabling CSRF attacks to cause logged-in users to create unwanted bookings. Root cause: missing CSRF validation on the booking endpoint. Impact: potential unauthorized bookings; remediation: upgrade to ...