CVSS 3.1 Score 5.3 of 10 (medium)


Published Jan 16, 2024
Updated: Jan 19, 2024
CWE ID 862


CVE-2024-0236 is a vulnerability that affects the EventON WordPress plugin versions before 4.5.5 and 2.2.7. This vulnerability allows unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set, without proper authorization in an AJAX action. The affected products include a range of EventON and Zoom plugins. To remediate this vulnerability, it is recommended to update the EventON WordPress plugin to version 4.5.5 or 2.2.7, which include the necessary authorization checks. If left unpatched, this vulnerability poses a medium risk to organizations as it could lead to unauthorized access and compromise the security of virtual events and their associated passwords.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-0236 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options