Vulnerabilities

CVE-2024-0237

by Fred · 16/01/2024

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc

More information : https://wpscan.com/vulnerability/73d1b00e-1f17-4d9a-bfc8-6bc43a46b90b/

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : NONE
Integrity impact : LOW
Base score : 5.3
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 1.4

Similar

Tags: Cybersecurity Alert