Missing Authorization Vulnerability Allows Functionality Misuse
CVE-2023-27437

3.7LOW

Key Information:

Vendor
WordPress
Vendor
CVE Published:
3 June 2024

Summary

A missing authorization vulnerability exists in Event Espresso 4 Decaf, which allows an attacker to misuse functionality that should be restricted. This issue affects all versions from an unspecified release up to 4.10.44. Without proper authorization checks, unauthorized users may gain access to sensitive features, compromising the integrity and security of affected installations.

Affected Version(s)

Event Espresso 4 Decaf <= 4.10.44.decaf

References

CVSS V3.1

Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

yuyudhn (Patchstack Alliance)
.