CVE-2023-3219
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download AJAX action refers to a valid Event. Unauthenticated visitors can therefore access the content of any Post (including unpublished or protected posts) through the ICS export functionality by providing the numeric ID of the post.
We have discovered 61 live websites that are affected by CVE-2023-3219.
Common Weakness Enumeration
CWE-639 Authorization Bypass Through User-Controlled Key
Distribution by Website Rank
The diagram provides a graphic representation of the correlation between the occurrence of CVE-2023-3219 and the relative popularity of websites