Vulnerabilities

CVE-2024-0236

by Fred · 16/01/2024

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)

More information : https://wpscan.com/vulnerability/09aeb6f2-6473-4de7-8598-e417049896d7/

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 5.3
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 1.4

Similar

Tags: Cybersecurity Alert