Missing Authorization Vulnerability Allows Functionality Misuse
CVE-2023-27437
3.7LOW
Summary
A missing authorization vulnerability exists in Event Espresso 4 Decaf, which allows an attacker to misuse functionality that should be restricted. This issue affects all versions from an unspecified release up to 4.10.44. Without proper authorization checks, unauthorized users may gain access to sensitive features, compromising the integrity and security of affected installations.
Affected Version(s)
Event Espresso 4 Decaf <= 4.10.44.decaf
References
CVSS V3.1
Score:
3.7
Severity:
LOW
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
yuyudhn (Patchstack Alliance)