Vulnerabilities

CVE-2024-0235

by Fred · 16/01/2024

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog

More information : https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 5.3
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 1.4

Similar

Tags: Cybersecurity Alert