CVE-2023-33321

WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure

CVSS 5.3 MEDIUMEPSS 0.5%CWE-862

In short

The EventPrime WordPress plugin version 2.8.6 and earlier fails to properly check user permissions before allowing access to sensitive information. An attacker can view private event data without proper authorization.

Technical detail

CWE-862 (Missing Authorization) in EventPrime <= 2.8.6 allows unauthenticated or low-privileged users to access sensitive event data through incorrectly configured access control mechanisms. The vulnerability stems from missing permission validation on API endpoints or admin functions that expose event information. Exploitation requires network access to the vulnerable WordPress installation.

Summary generated and translated by AI from the official description.

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected products

Metagauss · EventPrime

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-sensitive-data-exposure?_s_id=cve