CVE-2024-0236
EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password DisclosureThe EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)
We have discovered 10,791 live websites that are affected by CVE-2024-0236.
Affected Software
| Product | |
| Category | Appointment Scheduling |
| Vulnerable Domains | 10,791 live websites (60.38% of EventOn install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 171 versions ( 87.69% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - Jan 16, 2024
- Updated - Aug 1, 2024
Credits
- Erwan LR (WPScan) (finder)
- WPScan (coordinator)
CWE
CVE References
CWE References
CVE-2024-0236 usage by Country
 United States | 4,128 websites |
 Germany | 1,423 websites |
 France | 915 websites |
 Spain | 415 websites |
 GB | 399 websites |
 Netherlands | 357 websites |
 Italy | 288 websites |
 Switzerland | 226 websites |
 Brazil | 178 websites |
 Canada | 178 websites |
CVE-2024-0236 usage by TLD
| .com | 3,798 websites |
| .org | 1,265 websites |
| .de | 774 websites |
| .nl | 370 websites |
| .fr | 349 websites |
| .it | 260 websites |
| .co.uk | 247 websites |
| .es | 226 websites |
| .net | 213 websites |
| .ch | 193 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-0236
Top websites that are affected by CVE-2024-0236. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********************.org | United States | **,*** | |
| *****************.hr |  Croatia | **,*** | |
| ****.hr | Croatia | **,*** | |
| ***********.com | United States | **,*** | |
| ***.cat | Germany | **,*** | |
| ****.com | United States | **,*** | |
| *****************.fr | France | ***,*** | |
| *********************.org | Germany | ***,*** | |
| *******.**.ke |  Kenya | ***,*** | |
| **********.org | France | ***,*** |
FAQ
CVE-2024-0236 is Missing Authorization in EventOn
A total of 10,791 websites have been identified as vulnerable to CVE-2024-0236, discovered through global website indexing conducted by WebTechSurvey.
EventOn is susceptible to CVE-2024-0236 vulnerability.
EventOn versions before 4.5.5 are vulnerable to CVE-2024-0236.
Version 4.5.5 of EventOn addresses the CVE-2024-0236 security vulnerability.