EventPrime < 3.3.6 – Unauthenticated Event Access | CVE 2023-6447 | Plugin Vulnerabilities

Description

The plugin lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.

Proof of Concept

1. Create a password-protected event or a private event then publish it.
2. Access to the URL on a private browser and you will be able to see the password-protected or private event.
3. https://www.example.com/index.php/event/{{EVENT-ID}}/

Affects Plugins

eventprime-event-calendar-management

Fixed in 3.3.6

References

CVE

Classification

Type

ACCESS CONTROLS

OWASP top 10

A5: Broken Access Control

CWE

CVSS

Miscellaneous

Original Researcher

Miguel Santareno

Submitter

Miguel Santareno

Submitter website

https://miguelsantareno.github.io/

Submitter twitter

MiguelSantareno

Verified

Yes

WPVDB ID

e366881c-d21e-4063-a945-95e6b080a373

Timeline

Publicly Published

2023-12-29 (about 1 year ago)

Added

2023-12-29 (about 1 year ago)

Last Updated

2023-12-29 (about 1 year ago)

Other

Published

Title

Published

2021-05-26

Title

Simple 301 Redirects by BetterLinks - 2.0.0 – 2.0.3 - Unauthenticated Redirect Import

Published

2021-03-16

Title

Flo Forms < 1.0.36 - Authenticated Options Change to Stored XSS

Published

2024-02-01

Title

ARMember < 4.0.25 - Improper Access Control to Sensitive Information Exposure via REST API

Published

2024-04-19

Title

VikBooking < 1.6.8 - Broken Access Control

Published

2020-10-16

Title

TI WooCommerce Wishlist - Authenticated WP Options Change