3 matches found
CVE-2023-3219
The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...
PT-2023-4277 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2 Description: The issue is related to a lack of authentication and authorization in the eventon ics download ajax action of the EventON WordPress plugin. This allows unauthenticated visitors to...
PT-2023-6980 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2 Description: The issue is related to the eventon ics download ajax action in the EventON WordPress plugin, where the event id parameter is not properly validated, allowing unauthorized access t...