Lucene search
K

7 matches found

0day.today
0day.today
added 2023/08/04 12:0 a.m.215 views

Wordpress EventON Calendar 4.4 Plugin - Unauthenticated Event Access Vulnerability

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks authentication and...

5.3CVSS7.1AI score0.42674EPSS
Exploits5
Packet Storm
Packet Storm
added 2023/08/04 12:0 a.m.318 views

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...

5.3CVSS7.1AI score0.42674EPSS
Exploits5
Exploit DB
Exploit DB
added 2023/08/04 12:0 a.m.365 views

Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access

Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...

5.3CVSS5.3AI score0.42674EPSS
Exploits5
Circl
Circl
added 2023/07/10 8:24 p.m.61 views

CVE-2023-2796

creationtimestamp| type| source ---|---|--- 2023-07-10 20:24:00+00:00| seen| https://t.me/cibsecurity/66257 2023-08-06 12:37:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8800 2025-02-05 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities ...

5.3CVSS6.3AI score0.42674EPSS
In wildExploits5References4
Vulnrichment
Vulnrichment
added 2023/07/10 12:40 p.m.19 views

CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

7.1AI score0.42674EPSS
Exploits5References2
CVE
CVE
added 2023/07/10 12:40 p.m.109 views

CVE-2023-2796

The EventON WordPress plugin (before 2.1.2) has a vulnerability in the eventon_ics_download AJAX action that lacks authentication/authorization, allowing unauthenticated visitors to access private and password-protected events by guessing the numeric event_id. Impact is unauthorized access to eve...

5.3CVSS5.8AI score0.42674EPSS
In wildExploits5References2Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.14 views

WordPress EventON Plugin < 2.1.2 is vulnerable to Broken Access Control

Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2796 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de829ab567b4 Credits Miguel Santareno Required privilege...

5.3CVSS6.4AI score0.42674EPSS
Exploits5References4Affected Software1
Rows per page
Query Builder