CVE-2024-4665 - CERT CVE

  1. CVE-2024-4665

ID CVE-2024-4665
Sažetak The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
Reference
CVSS
Base: 5.3
Impact: 1.4
Exploitability:3.9
Pristup
VektorSloženostAutentikacija
NETWORK LOW NONE
Impact
PovjerljivostCjelovitostDostupnost
NONE NONE LOW
CVSS vektor CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Zadnje važnije ažuriranje 16-05-2025 - 16:15
Objavljeno 15-05-2025 - 20:15