CVE-2023-6203
The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read
Severity Score
7.5
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The Events Calendar WordPress plugin before 6.2.8.1 discloses the content of password protected posts to unauthenticated users via a crafted request
El complemento Events Calendar de WordPress anterior a 6.2.8.1 revela el contenido de publicaciones protegidas con contraseña a usuarios no autenticados a través de una solicitud manipulada
The The Events Calendar plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to and including 6.2.8 via the get_data function. This makes it possible for unauthenticated attackers to extract sensitive data including private post content, via the REST API.
*Credits:
Krzysztof Zając (CERT PL), WPScan
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2023-11-20 CVE Reserved
- 2023-11-20 CVE Published
- 2024-08-02 CVE Updated
- 2024-08-02 First Exploit
- 2024-09-07 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-202: Exposure of Sensitive Information Through Data Queries
CAPEC
References (1)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|---|---|
| https://wpscan.com/vulnerability/229273e6-e849-447f-a95a-0730969ecdae | 2024-08-02 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Tri Search vendor "Tri" | The Events Calendar Search vendor "Tri" for product "The Events Calendar" | < 6.2.8.1 Search vendor "Tri" for product "The Events Calendar" and version " < 6.2.8.1" | wordpress |
Affected
| ||||||