1 results (0.003 seconds)
CVSS: 6.3EPSS: %CPEs: 1EXPL: 0
CVSS: 6.3EPSS: %CPEs: 1EXPL: 0CVE-2023-23975 – Quick Event Manager <= 9.7.4 - Missing Authorization Checks
https://notcve.org/view.php?id=CVE-2023-23975
The Quick Event Manager plugin for WordPress is vulnerable to authorization bypass due to missing authorization checks on various calls in the qem_messages() function in versions up to, and including, 9.7.4. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to manage and alter registration settings that should be intended for site administrators. • CWE-862: Missing Authorization •