Authorization Vulnerability in CP Multi View Event Calendar Affects Incorrectly Configured Access Control Security Levels
CVE-2023-23814

3.8LOW

Key Information:

Vendor: WordPress
Status: Cp Multi View Event Calendar
Vendor: CVE Published:; 9 December 2024

Summary

A missing authorization vulnerability has been identified in the CodePeople CP Multi View Event Calendar. This vulnerability arises from incorrectly configured access control security levels, leading to potential unauthorized access to sensitive features and data within the event calendar. The flaw affects all versions of the plugin from an unspecified version through 1.4.13, enabling attackers to exploit access controls and manipulate event data. Users of this plugin are advised to assess their current configuration and apply recommended security measures to mitigate any potential risks.

Affected Version(s)

CP Multi View Event Calendar <= 1.4.13

References

https://patchstack.com/database/wordpress/plugin/cp-multi...

vdb-entry

CVSS V3.1

Score:

3.8

Severity:

LOW

Confidentiality:

Low

Integrity:

Low

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

High

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Dec 9, 2024
Vulnerability Reserved
Jan 18, 2023

Credit

yuyudhn (Patchstack Alliance)