CVE-2023-27437 - Vulnerability Details - OpenCVE

Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0028.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2023-31213	Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.

Fixes

Solution

Update to 4.10.45.decaf or a higher version.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://patchstack.com/database/vulnerability/event-espresso-decaf/wordpress-event-espresso-4-decaf-plugin-4-10-44-decaf-bypass-vulnerability?_s_id=cve

History

Sun, 13 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00377}`	epss `{'score': 0.00274}`

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.00165}`	epss `{'score': 0.00377}`

Projects

Sign in to view the affected projects.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2024-06-03T21:59:11.338Z

Updated: 2024-08-02T12:09:43.471Z

Reserved: 2023-03-01T14:31:48.073Z

Link: CVE-2023-27437

Vulnrichment

Updated: 2024-08-02T12:09:43.471Z

NVD

Status : Awaiting Analysis

Published: 2024-06-03T22:15:10.357

Modified: 2024-11-21T07:52:54.700

Link: CVE-2023-27437

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

CWE-862

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-27437", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2023-03-01T14:31:48.073Z", "datePublished": "2024-06-03T21:59:11.338Z", "dateUpdated": "2024-08-02T12:09:43.471Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "event-espresso-decaf", "product": "Event Espresso 4 Decaf", "vendor": "Event Espresso", "versions": [{"changes": [{"at": "4.10.45.decaf", "status": "unaffected"}], "lessThanOrEqual": "4.10.44.decaf", "status": "affected", "version": "n/a", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "yuyudhn (Patchstack Alliance)"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.<p>This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.</p>"}], "value": "Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf."}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "CWE-862 Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-03T21:59:11.338Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/vulnerability/event-espresso-decaf/wordpress-event-espresso-4-decaf-plugin-4-10-44-decaf-bypass-vulnerability?_s_id=cve"}], "solutions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Update to 4.10.45.decaf or a higher version."}], "value": "Update to 4.10.45.decaf or a higher version."}], "source": {"discovery": "EXTERNAL"}, "title": "WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-04T13:07:25.479150Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T17:24:59.444Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:09:43.471Z"}, "title": "CVE Program Container", "references": [{"tags": ["vdb-entry", "x_transferred"], "url": "https://patchstack.com/database/vulnerability/event-espresso-decaf/wordpress-event-espresso-4-decaf-plugin-4-10-44-decaf-bypass-vulnerability?_s_id=cve"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://patchstack.com/database/vulnerability/event-espresso-decaf/wordpress-event-espresso-4-decaf-plugin-4-10-44-decaf-bypass-vulnerability?_s_id=cve", "tags": ["vdb-entry", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T12:09:43.471Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-27437", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-06-04T13:07:25.479150Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-04T13:07:30.930Z"}}], "cna": {"title": "WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "yuyudhn (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-212", "descriptions": [{"lang": "en", "value": "CAPEC-212 Functionality Misuse"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.7, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "Event Espresso", "product": "Event Espresso 4 Decaf", "versions": [{"status": "affected", "changes": [{"at": "4.10.45.decaf", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.10.44.decaf"}], "packageName": "event-espresso-decaf", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update to 4.10.45.decaf or a higher version.", "supportingMedia": [{"type": "text/html", "value": "Update to 4.10.45.decaf or a higher version.", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/vulnerability/event-espresso-decaf/wordpress-event-espresso-4-decaf-plugin-4-10-44-decaf-bypass-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.", "supportingMedia": [{"type": "text/html", "value": "Missing Authorization vulnerability in Event Espresso Event Espresso 4 Decaf allows Functionality Misuse.<p>This issue affects Event Espresso 4 Decaf: from n/a through 4.10.44.Decaf.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2024-06-03T21:59:11.338Z"}}}, "cveMetadata": {"cveId": "CVE-2023-27437", "state": "PUBLISHED", "dateUpdated": "2024-08-02T12:09:43.471Z", "dateReserved": "2023-03-01T14:31:48.073Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2024-06-03T21:59:11.338Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}