Vulnerability in Eventon

CVE-2024-0235

The EventON WordPress plugin before 4.5.5 and the EventON WordPress plugin before 2.2.7 do not perform an authorisation check in an AJAX action, allowing unauthenticated users to retrieve the email addresses of any users on the blog.

EPSS: 0.865 (99.4th percentile)

Affected products

  • Unknown Eventon — versions 0

Frequently asked questions

What is CVE-2024-0235?
CVE-2024-0235 is a vulnerability in Eventon, classified under CWE-862 (Missing Authorization). Published 2024-01-16.

Is CVE-2024-0235 known to be exploited?
5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.