The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: WPScan

Published: 2024-01-16T15:57:00.337Z

Updated: 2024-08-01T17:41:16.417Z

Reserved: 2024-01-04T14:13:27.704Z

Link: CVE-2024-0236

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2024-01-16T16:15:14.367

Modified: 2024-11-21T08:46:07.330

Link: CVE-2024-0236

cve-icon Redhat

No data.