History: Jan 16, 2024 - 3:57 p.m.

CVE-2024-0235 EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

2024-01-16 15:57:04
WPScan
www.cve.org
cve-2024-0235
eventon
wordpress plugin
unauthenticated
email address
disclosure
ajax action

EPSS: 0.004 (Low)

Percentile: 73.4%

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

CNA Affected

[
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "4.5.5"
      }
    ],
    "defaultStatus": "unaffected"
  },
  {
    "vendor": "Unknown",
    "product": "EventON",
    "versions": [
      {
        "status": "affected",
        "versionType": "semver",
        "version": "0",
        "lessThan": "2.2.7"
      }
    ],
    "defaultStatus": "unaffected",
    "collectionURL": "https://wordpress.org/plugins"
  }
]
