
CVE-2023-3219 EventON < 2.1.2 - Unauthenticated Post Access via IDOR

2023-07-10 12:41:20
WPScan
www.cve.org
eventon
unauthenticated access
idor
wordpress plugin
security vulnerability

EPSS: 0.113 (Low)
Percentile: 95.2%

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "custom",
        "version": "0",
        "lessThan": "2.1.2"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
