update matcher

patch-1
Dhiyaneshwaran 2024-04-28 14:47:42 +05:30 committed by GitHub
parent bd4ead957c
commit a1a1b3f4cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 14 additions and 5 deletions


@ -1,10 +1,11 @@
id: CVE-2024-0235
info:
name: EventON WordPress Plugin Unauthorized Email Access
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure
author: princechaddha
severity: medium
description: The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
description: |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
impact: |
An attacker could potentially access sensitive email information.
remediation: |
@ -18,7 +19,7 @@ info:
cve-id: CVE-2024-0235
cwe-id: CWE-862
epss-score: 0.00052
epss-percentile: 0.19212
epss-percentile: 0.19233
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
metadata:
vendor: myeventon
@ -26,7 +27,8 @@ info:
framework: wordpress
shodan-query: vuln:CVE-2023-2796
fofa-query: wp-content/plugins/eventon/
tags: cve,cve2024,wp,wordpress,unauth,exposure
publicwww-query: "wp-content/plugins/eventon/"
tags: cve,cve2024,wp,wordpress,unauth,exposure,eventon,wpscan
http:
- method: POST
@ -38,8 +40,15 @@ http:
body: "_user_role=administrator"
matchers-condition: and
matchers:
- type: word
words:
- "@"
- '@'
- '"status":'
- '"content":'
part: body
- type: status
status:
- 200
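Review bot: The word matcher in the last hunk lists three words but sets no `condition`, and a nuclei word matcher defaults to `or`, so the template still fires when any one of `'@'`, `'"status":'` or `'"content":'` appears in the body — `'"status":'` alone occurs in many unrelated JSON responses, which is the false-positive class this commit appears meant to reduce. Adding `condition: and` under `words:` (at the same indent as `part: body`) would require all three to be present, which is what the expanded word list suggests was intended. The `http:` request definition these matchers belong to begins before the hunk. Separately, in the first hunk the new `name:` states the free-edition bound as `< 2.2.8` while the new `description:` says `before 2.2.7`; one of the two looks off and they should agree.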