The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-10T12:40:07.475Z
Updated: 2024-08-02T06:33:05.556Z
Reserved: 2023-05-18T13:09:17.354Z
Link: CVE-2023-2796
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-07-10T16:15:51.497
Modified: 2023-11-07T04:13:20.800
Link: CVE-2023-2796
Redhat
No data.