Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2024-0235

Severity: 5.3 MEDIUM
EPSS: 82.3% (top 0.78%)
CISA KEV: Not in KEV
Exploit: PoC available
Timeline: Published Jan 16

Description

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Exploitability: 3.9 | Impact: 1.4

Affected Packages (2 packages)

CVEListV5: unknown/eventon < 4.5.5 (+1)
NVD: myeventon/eventon 4.0 4.5.5 (+1)

🔴 Vulnerability Details (3)

GHSA: GHSA-w32c-7vqv-h5gw: The EventON WordPress plugin before 4 (2024-01-16)
CVEList: EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure (2024-01-16)
VulnCheck: myeventon eventon Missing Authorization (2024)

💥 Exploits & PoCs (1)

Nuclei: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure