5.3
CVE-2024-0236
- EPSS 0.47%
- Veröffentlicht 16.01.2024 16:15:14
- Zuletzt bearbeitet 20.06.2025 18:15:25
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginEventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.7 (Free) - Missing Authorization via config_virtual_event
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
Mögliche Gegenmaßnahme
EventON (Pro) - WordPress Virtual Event Calendar Plugin: Update to version 4.5.5, or a newer patched version
EventON – Events Calendar: Update to version 2.2.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
EventON (Pro) - WordPress Virtual Event Calendar Plugin
Version
*-4.5.4
SystemWordPress Plugin
≫
Produkt
EventON – Events Calendar
Version
*-2.2.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.47% | 0.639 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.