CVE-2023-6360

CVSS 3.1 Score 9.8 of 10 (high)

Attack Complexity low
Confidentiality high
Integrity high
Availability high
Scope unchanged
Privileges Required none

Details

Published Nov 30, 2023
Updated: Dec 6, 2023
CWE ID 89

Summary

CVE-2023-6360 is a newly disclosed vulnerability that puts WordPress sites using the 'My Calendar' plugin version below 3.4.22 at risk. Attackers can exploit unauthenticated SQL injection vulnerabilities in the '/my-calendar/v1/events' rest route by manipulating the 'from' and 'to' parameters. Successful exploitation could lead to unauthorized access, data theft, or even complete site takeover. Users are advised to update the plugin as soon as possible to mitigate this threat.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share