What the vulnerability does
01Description
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
What the vulnerability does
Unauthenticated Broken Access Control in WP Event SOlution <= 4.1.12 versions.
Explanation of Vulnerability in Simple Terms
WP Event Solution versions up to 4.1.12 lack proper authorization checks, allowing unauthenticated attackers to read sensitive data. An attacker can access information without logging in or user interaction. Site administrators should update immediately to a version newer than 4.1.12 to restore access controls.
What an attacker can do
Read sensitive data without authentication.
Potential impact on your site
Unauthorized visitors can access confidential event or site data exposed by the plugin.
Conditions required to exploit
Network access only; no login or user interaction required.
Key dates
External resources
Related vulnerabilities