CVE-2024-0238 EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

🗓️ 16 Jan 2024 15:57:05Reported by WPScanType

EventON WordPress plugin Security Vulnerabilit

Reporter	Title	Published	Views	Family All 14
Circl	CVE-2024-0238	6 Feb 202414:16	–	circl
CNNVD	WordPress plugin EventON security vulnerability	16 Jan 202400:00	–	cnnvd
CVE	CVE-2024-0238	16 Jan 202415:57	–	cve
EUVD	EUVD-2024-16036	3 Oct 202520:07	–	euvd
NVD	CVE-2024-0238	16 Jan 202416:15	–	nvd
OSV	CVE-2024-0238	16 Jan 202416:15	–	osv
Patchstack	WordPress EventON plugin < 4.5.6 - Unauthenticated Arbitrary Post Metadata Update vulnerability	30 Jan 202607:38	–	patchstack
Patchstack	WordPress EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update vulnerability	30 Jan 202607:36	–	patchstack
Prion	Code injection	16 Jan 202416:15	–	prion
Positive Technologies	PT-2024-15404 · WordPress · Eventon +1	16 Jan 202400:00	–	ptsecurity

[
  {
    "vendor": "Unknown",
    "product": "EventON Premium",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.5.6"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2.8"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]

Source	Link
wpscan	www.wpscan.com/vulnerability/774655ac-b201-4d9f-8790-9eff8564bc91/

05 Feb 2024 21:23Current

6.6Medium risk

Vulners AI Score6.6

EPSS0.00727