Lucene search
K

4 matches found

NVD
NVD
added 2024/01/16 4:15 p.m.28 views

CVE-2024-0238

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

6.1CVSS6.4AI score0.00373EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/01/16 3:57 p.m.30 views

CVE-2024-0238 EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

6.6AI score0.00373EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.6 views

CVE-2024-0238 EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

6.4AI score0.00373EPSS
Exploits1References1
CVE
CVE
added 2024/01/16 3:57 p.m.62 views

CVE-2024-0238

Affected software: EventON Premium WordPress plugin &lt;4.5.6 and EventON WordPress plugin

6.1CVSS6.3AI score0.00373EPSS
Exploits1References1Affected Software1
Rows per page
Query Builder