7 matches found
Wordpress EventON Calendar 4.4 Plugin - Unauthenticated Event Access Vulnerability
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks authentication and...
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-2796 1. Description The plugin lacks...
CVE-2023-2796
creationtimestamp| type| source ---|---|--- 2023-07-10 20:24:00+00:00| seen| https://t.me/cibsecurity/66257 2023-08-06 12:37:01+00:00| published-proof-of-concept| https://t.me/CyberSecurityTechnologies/8800 2025-02-05 00:00:00+00:00| exploited| The Shadowserver honeypot/exploited-vulnerabilities ...
CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...
CVE-2023-2796
The EventON WordPress plugin (before 2.1.2) has a vulnerability in the eventon_ics_download AJAX action that lacks authentication/authorization, allowing unauthenticated visitors to access private and password-protected events by guessing the numeric event_id. Impact is unauthorized access to eve...
WordPress EventON Plugin < 2.1.2 is vulnerable to Broken Access Control
Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2796 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de829ab567b4 Credits Miguel Santareno Required privilege...