5.3
CVE-2024-0237
- EPSS 0.29%
- Veröffentlicht 16.01.2024 16:15:14
- Zuletzt bearbeitet 02.06.2025 15:15:26
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
LoginEventON - WordPress Virtual Event Calendar Plugin <= 4.5.8 (Pro) & <= 2.2.7 (Free) - Missing Authorization via eventon_save_virtual_event_settings
The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc
Mögliche Gegenmaßnahme
EventON (Pro) - WordPress Virtual Event Calendar Plugin: Update to version 4.5.9, or a newer patched version
EventON – Events Calendar: Update to version 2.2.8, or a newer patched version
Weitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
EventON (Pro) - WordPress Virtual Event Calendar Plugin
Version
*-4.5.8
SystemWordPress Plugin
≫
Produkt
EventON – Events Calendar
Version
*-2.2.7
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.29% | 0.519 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.