CVE-2024-0235

MEDIUM EXPLOITED NUCLEI

Eventon < 2.2.7 - Missing Authorization

Title source: rule

Description

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not perform an authorisation check in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

Exploits (3)

nomisec WORKING POC
by Nxploited · infoleak
https://github.com/Nxploited/CVE-2024-0235-PoC

github WORKING POC
by Boshe99 · pythonpoc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2024-0235-PoC

nomisec SCANNER
by Cappricio-Securities · poc
https://github.com/Cappricio-Securities/CVE-2024-0235

Nuclei Templates (1)

EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
MEDIUM by ProjectDiscoveryAI
Shodan: vuln:CVE-2023-2796 || http.html:/wp-content/plugins/eventon-lite/ || http.html:/wp-content/plugins/eventon/
FOFA: wp-content/plugins/eventon/ || body=/wp-content/plugins/eventon/ || body=/wp-content/plugins/eventon-lite/

Scores

CVSS v3 5.3
EPSS 0.8651
EPSS Percentile 99.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Exploitation Intel

VulnCheck KEV 2025-08-23

Classification

CWE
CWE-862
Status published

Affected Products (1)

myeventon/eventon < 2.2.7

Timeline

Published Jan 16, 2024
Tracked Since Feb 18, 2026