Lucene search
Miguel SantarenoWPVDB-ID:72D80887-0270-4987-9739-95B1A178C1FDHistoryJun 19, 2023 - 12:00 a.m.
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-1900:00:00
Miguel Santareno
wpscan.com
6
plugin vulnerability
unauthenticated access
post content
0.113 Low
EPSS
Percentile
95.2%
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
PoC
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event;_id=
| CPE | Name | Operator | Version |
|---|---|---|---|
| eventon-lite | lt | 2.1.2 |
Related
cve
cve
CVE-2023-3219
2023-07-10 16:15:55
nvd
nvd
CVE-2023-3219
2023-07-10 16:15:55
zdt
zdt
packetstorm
packetstorm
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-04 00:00:00
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-06-19 00:00:00
prion
prion
Code injection
2023-07-10 16:15:00
nuclei
nuclei
EventON Lite < 2.1.2 - Arbitrary File Download
2023-10-17 07:20:28
cvelist
cvelist
CVE-2023-3219 EventON < 2.1.2 - Unauthenticated Post Access via IDOR
2023-07-10 12:41:20
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
2023-08-04 00:00:00
wordfence
wordfence