CVE-2024-4665

Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.5.0

Description: The issue concerns a lack of proper permission validation when updating bookings, allowing users to change or cancel bookings for other users. Additionally, the feature lacks a nonce, which is a security token used to prevent cross-site request forgery (CSRF) attacks.

Recommendations: For versions prior to 3.5.0, update to version 3.5.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the booking update feature to minimize the risk of exploitation.