Lucene search
WPScanCVELIST:CVE-2023-2796HistoryJul 10, 2023 - 12:40 p.m.
CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access
2023-07-1012:40:07
WPScan
www.cve.org
eventon
wordpress
vulnerability
unauthenticated access
eventon_ics_download
ajax action
private events
password protected events
0.029 Low
EPSS
Percentile
90.8%
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
CNA Affected
[
{
"vendor": "Unknown",
"product": "EventON",
"versions": [
{
"status": "affected",
"versionType": "custom",
"version": "0",
"lessThan": "2.1.2"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
wpvulndb
wpvulndb
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-19 00:00:00
cve
cve
CVE-2023-2796
2023-07-10 16:15:51
packetstorm
packetstorm
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-04 00:00:00
nuclei
nuclei
EventON <= 2.1 - Missing Authorization
2023-07-11 12:32:11
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
2024-04-28 06:04:28
nvd
nvd
CVE-2023-2796
2023-07-10 16:15:51
zdt
zdt
prion
prion
Authorization
2023-07-10 16:15:00
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-19 00:00:00
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
2023-08-04 00:00:00
wordfence
wordfence