3 matches found
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR Date: 03.08.2023 Exploit Author: Miguel Santareno Vendor Homepage: https://www.myeventon.com/ Version: 4.4 Tested on: Google and Firefox latest version CVE : CVE-2023-3219 1. Description The plugin does no...
CVE-2023-3219
CVE-2023-3219 affects the EventON WordPress plugin prior to 2.1.2. The vulnerability arises because the eventon_ics_download AJAX action does not validate the event_id parameter as a valid Event, enabling unauthenticated users to access any Post (including unpublished/protected posts) via ICS exp...