CVE-2024-0235

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Jan 19, 2024

CWE ID 862

Summary

CVE-2024-0235 is a vulnerability affecting versions 4.5.4 and older of the EventON WordPress plugin, as well as versions 2.2.6 and older. This issue enables unauthenticated users to access email addresses of any users on the affected blog through an insecure AJAX action, posing a significant risk for privacy breaches. This vulnerability can be exploited remotely, making it crucial for users to update to the latest, secure versions of the plugin as soon as possible.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uBoaBP
https://www.cve.org/CVERecord?id=CVE-2024-0235
https://nvd.nist.gov/vuln/detail/CVE-2024-0235

Back to Vulnerability Database

CVE-2024-0235

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations