CVE-2023-1129
Published: 24 April 2023
Summary
CVE-2023-1129 is a medium-severity an unspecified weakness vulnerability in Wp Fevents Book Project Wp Fevents Book. Its CVSS base score is 6.5 (Medium).
Operationally, ranked at the 41.3th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2023-23412
Vulnerability details
The WP FEvents Book WordPress plugin through 0.46 does not ensures that bookings to be updated belong to the user making the request, allowing any authenticated user to book, add notes, or cancel booking on behalf of other users.
- CWE(s)
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.