CVE-2023-6447: 
WordPress vulnerability analysis and mitigation

The EventPrime WordPress plugin before version 3.3.6 contains a security vulnerability identified as CVE-2023-6447. The vulnerability was discovered by Miguel Santareno and publicly disclosed on December 29, 2023. This security issue affects the EventPrime event calendar management plugin for WordPress, specifically impacting all versions prior to 3.3.6 (WPScan).

The vulnerability is classified as an Access Control issue (CWE-284) with a CVSS score of 5.3 (Medium). The core issue stems from inadequate authentication and authorization mechanisms in the plugin, which allows unauthorized access to protected content. This security flaw aligns with the OWASP Top 10 category A5: Broken Access Control (WPScan).

The vulnerability enables unauthenticated visitors to access private and password-protected events within the EventPrime plugin. Attackers can bypass intended access restrictions by simply guessing the numeric ID or event name in the URL, potentially exposing sensitive or restricted event information (WPScan).

The vulnerability has been patched in EventPrime version 3.3.6. Site administrators running affected versions should immediately upgrade to version 3.3.6 or later to protect their private and password-protected events from unauthorized access (WPScan).