CVE-2024-0237
Published Jan 16, 2024
Last updated 9 months ago
Overview
- Description
- The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc
- Source
- contact@wpscan.com
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 3.1
- Type
- Primary
- Base score
- 5.3
- Impact score
- 1.4
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
- Severity
- MEDIUM
Weaknesses
- nvd@nist.gov
- CWE-862
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "150D2D60-69AA-4027-AC89-D3929C2C5ECA",
"versionEndExcluding": "2.2.7"
},
{
"criteria": "cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*",
"vulnerable": true,
"matchCriteriaId": "57B6B80A-D3E7-4D93-B2BA-4A823879356F",
"versionEndExcluding": "4.5.5",
"versionStartIncluding": "4.0"
}
],
"operator": "OR"
}
]
}
]