What is CVE-2023-2796?

CVE-2023-2796 is a vulnerability in Eventon, classified under CWE-862 MISSING AUTHORIZATION. Published 2023-07-10.

Is CVE-2023-2796 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Eventon

CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.

EPSS: 0.715 (98.7th percentile) — read the EPSS interpretation.

Affected products

Unknown Eventon — versions 0

Public proof-of-concept exploits

20142995/nuclei-templates
NoTsPepino/Shodan-Dorking
nullfuzz-pentest/shodan-dorks

References

wpscan.com/vulnerability/e9ef793c-e5a3-4c55-beee-56b0909f7a0d (exploit, vdb-entry, technical-description)
packetstormsecurity.com/files/173984/WordPress-EventON-Calendar-4.4-Insecure-Di…

Frequently asked questions

What is CVE-2023-2796?: CVE-2023-2796 is a vulnerability in Eventon, classified under CWE-862 MISSING AUTHORIZATION. Published 2023-07-10.
Is CVE-2023-2796 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.