What the vulnerability does
Description
Missing Authorization vulnerability in Ex-Themes WooEvents (woo-events) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooEvents: from n/a through <= 4.1.7.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Explanation of Vulnerability in Simple Terms
WooEvents versions 4.1.7 and earlier contain an authorization bypass that allows unauthenticated attackers to modify event data over the network. The vulnerability stems from missing permission checks on administrative functions. An attacker can alter event details without needing to log in or interact with a user.
What an attacker can do
Modify event information without authentication.
Potential impact on your site
Event data can be altered by anyone, potentially disrupting bookings, schedules, or event details.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.