WordPress Plugin Vulnerabilities

EventON < 2.1.2 - Unauthenticated Event Access

Description

The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.

Proof of Concept

https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value

Affects Plugins

Plugin icon
eventon-lite
Fixed in 2.1.2
Plugin icon
eventON
Fixed in 4.4

References

CVE
CVE-2023-2796

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
7.5 (high)

Miscellaneous

Original Researcher
Miguel Santareno
Submitter
Miguel Santareno
Submitter website
https://miguelsantareno.github.io/
Submitter twitter
MiguelSantareno
Verified
Yes
WPVDB ID
e9ef793c-e5a3-4c55-beee-56b0909f7a0d

Timeline

Publicly Published
2023-06-19 (about 5 months ago)
Added
2023-06-19 (about 5 months ago)
Last Updated
2023-08-29 (about 3 months ago)

Other

Published
Title
Published
2021-12-08
Title
WP Google Map < 1.8.1 - Subscriber+ Map Creation/Update/Deletion
Published
2022-03-11
Title
Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS
Published
2023-11-13
Title
Essential Blocks for Gutenberg < 4.2.1 - Missing Authorization via AJAX actions
Published
2023-07-25
Title
Ninja Forms < 3.6.26 - Contributor+ Form Entries Export
Published
2022-11-01
Title
WatchTowerHQ < 3.6.16 - Unauthenticated Arbitrary File Deletion