CVE-2024-0235

Sažetak

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog

Reference

https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/

CVSS

Base:	5.3
Impact:	1.4
Exploitability:	3.9

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
LOW	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Zadnje važnije ažuriranje

20-06-2025 - 18:15

Objavljeno

16-01-2024 - 16:15