CVE-2022-2846 - Missing Authorization vulnerability in Dwbooster Calendar Event Multi View

047910
CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: LOW
Availability impact: NONE
network
low complexity
dwbooster
CWE-862

Summary

The Calendar Event Multi View WordPress plugin before 1.4.07 does not have any authorisation or CSRF checks in place when creating an event, and also lacks sanitisation and escaping in some of the event fields. This could allow unauthenticated attackers to create arbitrary events and put Cross-Site Scripting payloads in them.

Vulnerable Configurations

Part | Description | Count
Application | Dwbooster | 197

Common Weakness Enumeration (CWE)