Lucene search
HistoryJan 16, 2024 - 4:15 p.m.
CVE-2024-0235
cve-2024-0235
nvd
eventon
wordpress
plugin
authorization
ajax
unauthenticated users
email addresses
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
Affected configurations
Node
myeventoneventonRange<4.5.5
myeventoneventonRange<2.2.7
CNA Affected
[
{
"vendor": "Unknown",
"product": "EventON",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.5.5"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Unknown",
"product": "EventON",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.2.7"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Code injection
2024-01-16 16:15:00
cvelist
cvelist
wpvulndb
wpvulndb
nvd
nvd
CVE-2024-0235
2024-01-16 16:15:14
githubexploit
githubexploit
Exploit for Missing Authorization in Myeventon Eventon
2024-06-03 14:21:48
wpexploit
wpexploit
nuclei
nuclei
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
2024-04-28 06:04:28
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
0.005 Low
EPSS
Percentile
76.6%
Related for CVE-2024-0235