Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR

vendor:

EventON Calendar

by:

Miguel Santareno

5.3

CVSS

MEDIUM

Unauthenticated Post Access via IDOR

284

CWE

Product Name: EventON Calendar

Affected Version From: 4.4

Affected Version To: 4.4

Patch Exists: NO

Related CWE: CVE-2023-3219

CPE: a:eventon_calendar:wordpress_plugin_eventon_calendar:4.4

Metasploit:

Other Scripts:

Platforms Tested: Google and Firefox latest version

2023

WordPress Plugin EventON Calendar 4.4 – Unauthenticated Post Access via IDOR

The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.

Mitigation:

No mitigation provided

Source

Exploit-DB raw data:

# Exploit Title: Wordpress Plugin EventON Calendar 4.4 - Unauthenticated Post Access via IDOR
# Date: 03.08.2023
# Exploit Author: Miguel Santareno
# Vendor Homepage: https://www.myeventon.com/
# Version: 4.4
# Tested on: Google and Firefox latest version
# CVE : CVE-2023-3219

# 1. Description
The plugin does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.


# 2. Proof of Concept (PoC)
Proof of Concept:
https://example.com/wp-admin/admin-ajax.php?action=eventon_ics_download&event_id=<any post id>