[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fTCLI_0iKYxKLTdX6wRDGuUUBi-nVsiGfRdPmkkOqOgw":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20},"CVE-2023-4252","eventprime-improper-server-side-checks-to-booking-payment-bypass","EventPrime \u003C= 3.3.2 - Improper Server-Side Checks to Booking Payment Bypass","The EventPrime plugin for WordPress is vulnerable to booking payment bypass in all versions up to, and including, 3.3.2. This is due to the plugin relying on user supplied input to control pricing instead of server-side controls\u002Fvalidation. This makes it possible for unauthenticated attackers to make bookings paying less than the expected amount for a booking.","eventprime-event-calendar-management",null,"\u003C=3.3.2","3.3.3","medium",5.3,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:N\u002FUI:N\u002FS:U\u002FC:N\u002FI:L\u002FA:N","Improper Validation of Specified Quantity in Input","2023-10-30 00:00:00","2024-01-22 19:56:02",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F98ef80a3-4d57-45ae-87cf-d5768b26c27e?source=api-prod",85]