CVE-2023-3219
Published 2023-07-10
Priority: P3 · 42 · Severity: medium · CVSS 3.1 base score: 5.3
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploit: public exploit available
EPSS: 6.12% (92.5th percentile)
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
Affected
1 range
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| myeventon | eventon | < 2.1.2 | 2.1.2 |
Detection & IOCs (extracted from sources)
- Detect exploitation attempts by monitoring GET requests to /wp-admin/admin-ajax.php with the 'action=eventon_ics_download' parameter combined with an arbitrary numeric 'event_id'. Requests are unauthenticated and require no prior session.
- A successful exploitation response will contain both 'BEGIN:VCALENDAR' and 'END:VCALENDAR' in the body with a 'text/Calendar' Content-Type header and HTTP 200 status, indicating post content was leaked via ICS export.
- Presence of the plugin paths '/wp-content/plugins/eventon/' or '/wp-content/plugins/eventon-lite/' in HTTP responses indicates a potentially vulnerable installation that should be prioritized for scanning.
- The exploit works by supplying any arbitrary numeric post ID as 'event_id'; there is no fixed payload value. Attackers enumerate IDs (e.g., 1, 2, 3…) to harvest different posts, so detection rules should focus on the action parameter pattern rather than a specific event_id value.
- The vulnerability affects EventON Lite versions before 2.1.2 as well as the paid EventON plugin (tested on version 4.4); detection coverage should include both plugin paths.
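The IOCs above amount to two rules: a request-side rule (the ajax action plus a numeric event_id, with ID enumeration from one client as the strongest signal) and a response-side rule (200, text/Calendar, a VCALENDAR body). The Python below is an added example, not code from the page's sources, the plugin, or any shipped detection rule, that applies both rules: it scans constructed combined-format access-log lines, groups vulnerable-action hits per client IP, flags clients that requested several distinct IDs, notes whether either plugin path appeared, and classifies a probe response the way a scanner would. The sample log lines, IP addresses, the readme.txt path and the enumeration threshold of three distinct IDs per client are assumptions chosen for illustration; the request and response signatures are the ones listed above.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "eventon_ics_download"
# Both plugin paths from the IOC list (paid and Lite editions).
PLUGIN_PATHS = ("/wp-content/plugins/eventon/", "/wp-content/plugins/eventon-lite/")

# Constructed sample traffic in combined log format (assumption: not real logs).
# 203.0.113.7 walks IDs 1..3; 198.51.100.9 fetches one event plus an unrelated
# ajax action; 192.0.2.4 only touches a plugin asset path.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Aug/2023:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=1 HTTP/1.1" 200 512 "-" "curl/8.1.2"
203.0.113.7 - - [04/Aug/2023:10:01:03 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=2 HTTP/1.1" 200 498 "-" "curl/8.1.2"
203.0.113.7 - - [04/Aug/2023:10:01:04 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=3 HTTP/1.1" 200 640 "-" "curl/8.1.2"
198.51.100.9 - - [04/Aug/2023:10:05:00 +0000] "GET /wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=117 HTTP/1.1" 200 700 "https://example.com/events/" "Mozilla/5.0"
198.51.100.9 - - [04/Aug/2023:10:05:01 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"
192.0.2.4 - - [04/Aug/2023:10:06:00 +0000] "GET /wp-content/plugins/eventon-lite/readme.txt HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [timestamp] "METHOD target PROTO" status size ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)


def ics_download_event_id(target):
    """Request-side rule. Returns (matched, event_id): matched is True when the
    target is admin-ajax.php with action=eventon_ics_download; event_id is an
    int when numeric and None when absent or non-numeric (the PoC URL omits it)."""
    parts = urlsplit(target)
    if parts.path != AJAX_PATH:
        return False, None
    qs = parse_qs(parts.query, keep_blank_values=True)
    if qs.get("action") != [ACTION]:
        return False, None
    raw = qs.get("event_id", [""])[0]
    return True, (int(raw) if raw.isdigit() else None)


def is_plugin_path(target):
    """True when the request path lies under either EventON plugin directory."""
    return urlsplit(target).path.startswith(PLUGIN_PATHS)


def is_ics_leak_response(status, content_type, body):
    """Response-side rule: HTTP 200, a text/Calendar content type, and both
    VCALENDAR markers in the body mean post content was exported."""
    return (status == 200
            and content_type.lower().startswith("text/calendar")
            and "BEGIN:VCALENDAR" in body
            and "END:VCALENDAR" in body)


def analyse_log(log_text, enumeration_threshold=3):
    """Group vulnerable-action hits by client IP and flag clients that asked
    for at least enumeration_threshold distinct event_id values."""
    hits = defaultdict(set)     # ip -> set of event_id values requested
    served = defaultdict(int)   # ip -> hits answered with HTTP 200
    plugin_seen = False
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        plugin_seen = plugin_seen or is_plugin_path(target)
        matched, event_id = ics_download_event_id(target)
        if not matched:
            continue
        ip = m.group("ip")
        hits[ip].add(event_id)
        if m.group("status") == "200":
            served[ip] += 1
    return {
        "plugin_seen": plugin_seen,
        "hits": {ip: sorted(i for i in ids if i is not None) for ip, ids in hits.items()},
        "enumerating_ips": sorted(ip for ip, ids in hits.items()
                                  if len(ids) >= enumeration_threshold),
        "served_200": dict(served),
    }


if __name__ == "__main__":
    for key, value in analyse_log(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The per-IP grouping is what separates a legitimate calendar download (one ID, usually with a site referrer) from harvesting (a run of sequential IDs with no referrer), and the response classifier is the same check a scanner would apply after issuing the PoC request; a patched site still answers the action, but only for real, published events, so a 200 with a VCALENDAR body for a draft or password-protected post ID is the confirming signal.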
No detection rules found.
Exploit-DB
Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR (exploitdb · 2023-08-04 · CVSS 5.3 · MEDIUM)
---
# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-3219
# 1. Description
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id
Nuclei
EventON Lite < 2.1.2 - Arbitrary File Download (nuclei · CVSS 5.3 · MEDIUM)
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
Template:
id: CVE-2023-3219
info:
  name: EventON Lite < 2.1.2 - Arbitrary File Download
  author: r3Y3r53
  severity: medium
  description: |
    The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors
    to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
  impact: |
    Unauthenticated at
References:
- http://packetstormsecurity.com/files/173992/WordPress-EventON-Calendar-4.4-Insecure-Direct-Object-Reference.html
- https://wpscan.com/vulnerability/72d80887-0270-4987-9739-95b1a178c1fd