CVE-2023-5519
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Published Oct 31, 2023
Updated: Nov 8, 2023
CWE ID 352
Summary
CVE-2023-5519 is a vulnerability affecting the EventPrime plugin used in WordPress sites. Before version 3.2.0, this plugin lacked Cross-Site Request Forgery (CSRF) protection during the booking process. An attacker who successfully executes a CSRF attack can manipulate logged-in users into creating unwanted bookings without their consent. This issue poses a security risk and should be addressed by updating to the latest plugin version.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share