Vulnerability Details CVE-2023-0404
The Events Made Easy plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on several functions related to AJAX actions in versions up to, and including, 2.3.16. This makes it possible for authenticated attackers, with subscriber-level permissions and above, to invoke those functions intended for administrator use. While the plugin is still pending review from the WordPress repository, site owners can download a copy of the patched version directly from the developer's Github at https://github.com/liedekef/events-made-easy
Exploit prediction scoring system (EPSS) score
EPSS Score 0.0
EPSS Ranking 6.0%
CVSS Severity
CVSS v3 Score 5.4
References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2836308%40events-made-easy&new=2836308%40events-made-easy&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9e62de-3e70-424f-b8e5-2a5f07ca182d
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=2836308%40events-made-easy&new=2836308%40events-made-easy&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5a9e62de-3e70-424f-b8e5-2a5f07ca182d
Products affected by CVE-2023-0404
-
cpe:2.3:a:e-dynamics:events_made_easy:-
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.100
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.101
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.102
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.103
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.104
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.105
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.106
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.107
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.108
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.109
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.110
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.111
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.112
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.113
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.114
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.115
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.116
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.117
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.118
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.119
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.120
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.121
-
cpe:2.3:a:e-dynamics:events_made_easy:2.1.122
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.0
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.1
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.10
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.11
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.12
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.13
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.14
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.15
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.16
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.17
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.18
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.19
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.2
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.20
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.21
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.22
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.23
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.24
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.25
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.26
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.27
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.28
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.29
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.3
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.30
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.31
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.32
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.33
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.34
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.35
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.36
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.37
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.38
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.39
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.4
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.40
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.41
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.42
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.43
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.44
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.45
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.46
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.5
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.6
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.7
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.8
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.9
-
cpe:2.3:a:e-dynamics:events_made_easy:2.2.99
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.0
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.1
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.10
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.11
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.12
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.13
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.14
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.16
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.2
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.3
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.4
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.5
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.6
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.7
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.8
-
cpe:2.3:a:e-dynamics:events_made_easy:2.3.9