Lucene search

[email protected]NVD:CVE-2024-0237

HistoryJan 16, 2024 - 4:15 p.m.

CVE-2024-0237

2024-01-1616:15:14

CWE-862

[email protected]

web.nvd.nist.gov

eventon

wordpress

authorization

bypass

vulnerability

ajax

unauthenticated

users

virtual events

settings

meeting url

moderator

access details

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.7%

JSON

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc

Affected configurations

NVD

Node

myeventoneventonRange<2.2.7wordpress

myeventoneventonRange4.0–4.5.5wordpress

References

wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/

5.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

0.001 Low

EPSS

Percentile

20.7%

JSON

Related for NVD:CVE-2024-0237

wpexploit1 prion1 cvelist1 wpvulndb1 cve1