The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-11-27T16:21:59.747Z
Updated: 2024-08-02T07:24:04.271Z
Reserved: 2023-08-08T19:25:24.115Z
Link: CVE-2023-4252
Vulnrichment
No data.
NVD
Status : Analyzed
Published: 2023-11-27T17:15:08.517
Modified: 2023-11-30T05:08:39.450
Link: CVE-2023-4252
Redhat
No data.