CVE-2024-0238

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Published Jan 16, 2024

Updated: Feb 5, 2024

CWE ID 862

CWE ID 79

Summary

CVE-2024-0238 is a vulnerability affecting the EventON Premium and standard WordPress plugins before versions 4.5.6 and 2.2.8, respectively. Unauthenticated users can exploit this issue by manipulating AJAX actions, allowing them to update arbitrary post metadata without proper authorization or verification that the post belongs to the plugin. This vulnerability poses a significant risk for WordPress websites using these versions of EventON and could lead to unintended modifications of post data.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/uBr4rC
https://www.cve.org/CVERecord?id=CVE-2024-0238
https://nvd.nist.gov/vuln/detail/CVE-2024-0238

Back to Vulnerability Database

CVE-2024-0238

CVSS 3.1 Score 6.1 of 10 (medium)

Details

Summary

Advisories, Assessments, and Mitigations