What the vulnerability does
Description
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <= 4.0.26.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Explanation of Vulnerability in Simple Terms
Eventin versions up to 4.0.26 contain a privilege escalation vulnerability that allows unauthenticated attackers to gain full control of the application over the network. The vulnerability stems from improper access control, enabling attackers to read, modify, and delete data without any credentials or user interaction. All installations should update immediately.
What an attacker can do
Read, modify, and delete any data in the application without authentication.
Potential impact on your site
Complete compromise of the Eventin installation and all event data without warning or authentication.
Conditions required to exploit
Network access only; no authentication or user interaction required.