wpexploit - Krzysztof Zając (CERT PL) - WPEX-ID:229273E6-E849-447F-A95A-0730969ECDAE
History: Nov 23, 2023 - 12:00 a.m.

The Events Calendar < 6.2.8.1 - Unauthenticated Arbitrary Password Protected Post Read

events calendar
password protected
unauthenticated
arbitrary password
post read
exploit
source disclosure

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

37.3%

Description

The plugin discloses the content of password protected posts to unauthenticated users via a crafted request.

Append "?view=single-event" to the URL of a password protected post, then view the source of the page and find the post content disclosed in <script type="application/ld+json">.

Example: https://example.com/password-protected-post/?view=single-event
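A site owner can use the behaviour described above as a regression check after updating the plugin: put a canary string in a password protected test event, save the HTML of the "?view=single-event" response, and confirm the canary is absent from every JSON-LD block. The following is an added example, not code from the advisory or the plugin; the function names, the canary value and both sample pages are constructed assumptions.

```python
import json
from html.parser import HTMLParser

class JsonLdCollector(HTMLParser):
    """Collect the text of every <script type="application/ld+json"> block."""
    def __init__(self):
        super().__init__()
        self.blocks, self._buf = [], None   # _buf is a list while inside a block
    def handle_starttag(self, tag, attrs):
        if tag == "script" and (dict(attrs).get("type") or "").lower() == "application/ld+json":
            self._buf = []
    def handle_data(self, data):
        if self._buf is not None:
            self._buf.append(data)
    def handle_endtag(self, tag):
        if tag == "script" and self._buf is not None:
            self.blocks.append("".join(self._buf))
            self._buf = None

def strings_in(node):
    """Yield every string nested anywhere in a decoded JSON value."""
    if isinstance(node, str):
        yield node
    elif isinstance(node, (dict, list)):
        for child in (node.values() if isinstance(node, dict) else node):
            yield from strings_in(child)

def jsonld_leaks(html, canary):
    """True if the canary text shows up in any JSON-LD block of the saved page."""
    collector = JsonLdCollector()
    collector.feed(html)
    collector.close()
    for raw in collector.blocks:
        try:  # decode first, so JSON escapes such as \/ and \u003C do not hide the canary
            values = list(strings_in(json.loads(raw)))
        except json.JSONDecodeError:
            values = [raw]          # malformed block: fall back to a raw match
        if any(canary in value for value in values):
            return True
    return False

# Constructed sample pages (not captured from a real site); CANARY is a marker
# the site owner placed in the body of a password protected test event.
CANARY = "canary/7f3a"
LEAKY = ('<html><script type="application/ld+json">[{"@type":"Event","name":"Protected: Test",'
         '"description":"\\u003Cp\\u003Ecanary\\/7f3a\\u003C\\/p\\u003E"}]</script></html>')
CLEAN = '<html><script type="application/ld+json">[{"@type":"Event","description":""}]</script></html>'

if __name__ == "__main__":
    print("leaky page:", jsonld_leaks(LEAKY, CANARY), "| clean page:", jsonld_leaks(CLEAN, CANARY))
```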
