Lucene search
WPScanCVE-2024-0238HistoryJan 16, 2024 - 4:15 p.m.
CVE-2024-0238
2024-01-1616:15:14
CWE-862
CWE-79
WPScan
web.nvd.nist.gov
17
eventon
wordpress plugin
cve-2024-0238
security
vulnerability
ajax action
unauthenticated users
post metadata.
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
20.5%
The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata.
Affected configurations
Node
myeventoneventonRange<2.2.7wordpress
ORmyeventoneventonRange4.0–4.5.5wordpress
CNA Affected
[
{
"vendor": "Unknown",
"product": "EventON Premium",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "4.5.6"
}
],
"defaultStatus": "unaffected"
},
{
"vendor": "Unknown",
"product": "EventON",
"versions": [
{
"status": "affected",
"versionType": "semver",
"version": "0",
"lessThan": "2.2.8"
}
],
"defaultStatus": "unaffected",
"collectionURL": "https://wordpress.org/plugins"
}
]Related
prion
prion
Code injection
2024-01-16 16:15:00
cvelist
cvelist
wpvulndb
wpvulndb
wpexploit
wpexploit
nvd
nvd
CVE-2024-0238
2024-01-16 16:15:14
CVSS3
6.1
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
EPSS
0.001
Percentile
20.5%
Related for CVE-2024-0238