← back
CVE-2024-0235

EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

CVSS 5.3 MEDIUMEPSS 38.0%
Vexday Risk Score
25Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.3EPSS 38.0%KEV nãoPoC Patch
Lifecycle
16 Jan 2024Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Affected products
Unknown · EventON

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/