Lucene search
Miguel SantarenoWPVDB-ID:E9EF793C-E5A3-4C55-BEEE-56B0909F7A0DHistoryJun 19, 2023 - 12:00 a.m.
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-1900:00:00
Miguel Santareno
wpscan.com
13
eventon
unauthenticated access
private events
security vulnerability
0.029 Low
EPSS
Percentile
90.8%
The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
PoC
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event;_id=value
| CPE | Name | Operator | Version |
|---|---|---|---|
| eventon-lite | lt | 2.1.2 |
Related
cve
cve
CVE-2023-2796
2023-07-10 16:15:51
cvelist
cvelist
CVE-2023-2796 EventON < 2.1.2 - Unauthenticated Event Access
2023-07-10 12:40:07
packetstorm
packetstorm
WordPress EventON Calendar 4.4 Insecure Direct Object Reference
2023-08-04 00:00:00
nuclei
nuclei
EventON <= 2.1 - Missing Authorization
2023-07-11 12:32:11
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
2024-04-28 06:04:28
nvd
nvd
CVE-2023-2796
2023-07-10 16:15:51
zdt
zdt
prion
prion
Authorization
2023-07-10 16:15:00
wpexploit
wpexploit
EventON < 2.1.2 - Unauthenticated Event Access
2023-06-19 00:00:00
exploitdb
exploitdb
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
2023-08-04 00:00:00
wordfence
wordfence