The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download AJAX action refers to a valid Event. This allows unauthenticated visitors to access the content of any Post (including unpublished or protected posts) via the ics export functionality by providing the numeric id of the post.
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2023-07-10T12:41:20.078Z
Updated: 2024-08-02T06:48:08.313Z
Reserved: 2023-06-13T14:48:58.415Z
Link: CVE-2023-3219
Vulnrichment
No data.
NVD
Status: Modified
Published: 2023-07-10T16:15:55.250
Modified: 2023-11-07T04:18:14.830
Link: CVE-2023-3219
Redhat
No data.