CVE-2024-0237

🗓️ 16 Jan 2024 15:56:59Reported by WPScanType

cve🔗 web.nvd.nist.gov👁 51 Views🌐 WEB

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 allows unauthenticated users to update virtual events settings

Reporter	Title	Published	Views	Family All 13
Circl	CVE-2024-0237	6 Feb 202413:16	–	circl
CNNVD	WordPress plugin EventON security vulnerability	16 Jan 202400:00	–	cnnvd
Cvelist	CVE-2024-0237 EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update	16 Jan 202415:56	–	cvelist
EUVD	EUVD-2024-16035	3 Oct 202520:07	–	euvd
NVD	CVE-2024-0237	16 Jan 202416:15	–	nvd
Patchstack	WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability	30 Jan 202607:48	–	patchstack
Patchstack	WordPress EventON plugin < 4.5.9 - Unauthenticated Virtual Event Settings Update vulnerability	30 Jan 202607:49	–	patchstack
Prion	Code injection	16 Jan 202416:15	–	prion
Positive Technologies	PT-2024-15403 · WordPress · Eventon	16 Jan 202400:00	–	ptsecurity
RedhatCVE	CVE-2024-0237	23 May 202509:32	–	redhatcve

NVD

Vulners

Node

myeventon eventonRange<2.2.7wordpress

myeventon eventonRange4.0–4.5.5wordpress

[
  {
    "vendor": "Unknown",
    "product": "EventON Premium",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.5.8"
      }
    ],
    "defaultStatus": "affected"
  },
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/

Parameter	Position	Path	Description	CWE
event_id	request body	wp-admin/admin-ajax.php	Unauthenticated update of virtual event settings via AJAX action eventon_save_virtual_event_settings	CWE-862
_vir_url	request body	wp-admin/admin-ajax.php	Unauthenticated update of virtual event settings via AJAX action eventon_save_virtual_event_settings	CWE-862
eid	request body	wp-admin/admin-ajax.php	Unauthenticated update of virtual moderator settings via AJAX action eventon_save_virtual_mod_settings	CWE-862
_user_role	request body	wp-admin/admin-ajax.php	Unauthenticated update of virtual moderator settings via AJAX action eventon_save_virtual_mod_settings	CWE-862
_mod	request body	wp-admin/admin-ajax.php	Unauthenticated update of virtual moderator settings via AJAX action eventon_save_virtual_mod_settings	CWE-862

17 Jun 2026 06:53Current

5.3Medium risk

Vulners AI Score5.3

CVSS 3.15.3

EPSS0.00411

SSVC

CWE-862