Lucene search
PRIOn knowledge basePRION:CVE-2023-3219HistoryJul 10, 2023 - 4:15 p.m.
Code injection
2023-07-1016:15:00
PRIOn knowledge base
www.prio-n.com
4
code injection
eventon
wordpress plugin
event validation
unauthenticated access
post content
ics export
0.113 Low
EPSS
Percentile
95.2%
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
Related
wpvulndb
wpvulndb
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-19 00:00:00
cve
cve
CVE-2023-3219
2023-07-10 16:15:55
nvd
nvd
CVE-2023-3219
2023-07-10 16:15:55
zdt
zdt
packetstorm
packetstorm
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-04 00:00:00
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-19 00:00:00
nuclei
nuclei
EventON Lite < 2.1.2 - Arbitrary File Download
2023-10-17 07:20:28
cvelist
cvelist
CVE-2023-3219 EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-07-10 12:41:20
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
2023-08-04 00:00:00
wordfence
wordfence