Login Sign Up

CVE-2023-45637

7.1 HIGH
Cross-Site Scripting

📋 TL;DR

Unauthenticated reflected cross-site scripting (XSS) vulnerability in EventPrime WordPress plugin allows attackers to inject malicious scripts via crafted URLs. This affects WordPress sites running EventPrime plugin version 3.1.5 or earlier. Attackers can execute arbitrary JavaScript in victims' browsers when they visit malicious links.

💻 Affected Systems

Products:
  • EventPrime – Events Calendar, Bookings and Tickets WordPress plugin
Versions: <= 3.1.5
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

Eventprime by Metagauss

View all CVEs affecting Eventprime →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers could steal session cookies, redirect users to malicious sites, perform actions on behalf of authenticated users, or install malware via drive-by downloads.

🟠

Likely Case

Session hijacking, credential theft, defacement of website content, or redirection to phishing pages.

🟢

If Mitigated

Limited impact if proper Content Security Policy (CSP) headers are implemented and user input validation is enforced.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires user interaction (clicking malicious link) but is trivial to execute.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.6 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-1-5-reflected-cross-site-scripting-xss-vulnerability

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find EventPrime plugin and click 'Update Now'. 4. Verify plugin version is 3.1.6 or higher.

🔧 Temporary Workarounds

Implement Content Security Policy

all

Add CSP headers to restrict script execution sources

Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";

Disable vulnerable plugin

linux

Temporarily disable EventPrime plugin until patched

wp plugin deactivate eventprime-event-calendar-management

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block XSS payloads
  • Restrict plugin access to trusted users only using authentication

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel > Plugins > EventPrime version number

Check Version:

wp plugin get eventprime-event-calendar-management --field=version

Verify Fix Applied:

Verify plugin version is 3.1.6 or higher and test with XSS payloads

📡 Detection & Monitoring

Log Indicators:

  • Unusual GET requests with script tags in query parameters
  • Multiple 404 errors with suspicious parameters

Network Indicators:

  • HTTP requests containing <script> tags or JavaScript in URL parameters

SIEM Query:

source="web_logs" AND (url="*<script>*" OR url="*javascript:*")

📊 Metadata

CVE ID: CVE-2023-45637
CVSS v3 Score: 7.1 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:L
CWE: CWE-79
Published: October 25, 2023
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2023-45637, you might also want to check these:

CVE-2021-39199 10.0

CVE-2021-39199 is a critical cross-site scripting (XSS) vulnerability in the remark-html Node.js lib...

Same vulnerability type (CWE-79)
CVE-2021-32671 10.0

This vulnerability in Flarum forum software allows attackers to inject malicious HTML/JavaScript int...

Same vulnerability type (CWE-79)
CVE-2021-32798 10.0

CVE-2021-32798 is a critical vulnerability in Jupyter Notebook that allows malicious notebook files ...

Same vulnerability type (CWE-79)