cvelist | WPScan | CVELIST:CVE-2024-0235
History: Jan 16, 2024 - 3:57 p.m.

CVE-2024-0235 EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

2024-01-16 15:57:04
WPScan
www.cve.org
cve-2024-0235
eventon
wordpress plugin
unauthenticated
email address
disclosure
ajax action

EPSS

0.004

Percentile

73.9%

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not perform an authorisation check in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.5.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
