Vulnerabilities > CVE-2024-0235 - Missing Authorization vulnerability in Myeventon Eventon

047910
CVSS 5.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
myeventon
CWE-862

Summary

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog

Vulnerable Configurations

Part Description Count
Application
Myeventon
99

Common Weakness Enumeration (CWE)