CVE-2023-6243

Published Oct 19, 2024

Last updated 16 days ago

Overview

Description
The EventON PRO - WordPress Virtual Event Calendar Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request, provided they can trick a site administrator into performing an action such as clicking on a link.
Source: security@wordfence.com
NVD status: Analyzed

Risk scores

CVSS 3.1

Type: Primary
Base score: 4.3
Impact score: 1.4
Exploitability score: 2.8
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
Severity: MEDIUM

Weaknesses

security@wordfence.com
CWE-352

Configurations