CVE-2024-0237

MEDIUM

EventON WordPress Plugin < 2.2.7 - Unauthenticated Missing Authorization in AJAX Actions

Title source: llm

Description

The EventON WordPress plugin through 4.5.8 and the EventON WordPress plugin before 2.2.7 lack authorisation checks in some AJAX actions, allowing unauthenticated users to update virtual event settings, such as the meeting URL, moderator, access details, etc.

References (1)

Core References
Third Party Advisory, exploit, vdb-entry, technical-description
https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/

Scores

CVSS v3 5.3
EPSS 0.0041
EPSS Percentile 33.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-862
Status published
Products (1)
myeventon/eventon < 2.2.7
Published Jan 16, 2024
Tracked Since Feb 18, 2026