The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: WPScan
Published: 2024-01-16T15:57:00.337Z
Updated: 2024-08-01T17:41:16.417Z
Reserved: 2024-01-04T14:13:27.704Z
Link: CVE-2024-0236
Vulnrichment
No data.
NVD
Status : Modified
Published: 2024-01-16T16:15:14.367
Modified: 2024-11-21T08:46:07.330
Link: CVE-2024-0236
Redhat
No data.