PT-2023-4277 · WordPress · Eventon

Miguel Santareno · Published 2023-07-10 · Updated 2023-08-06 · CVE-2023-2796

CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2

Description: The issue is a lack of authentication and authorization checks in the eventon ics download ajax action of the EventON WordPress plugin. Because the action serves an event's ICS file without verifying who is asking, unauthenticated visitors can retrieve private and password-protected events by guessing their numeric id. The vulnerability can be exploited remotely, potentially leading to unauthorized access to protected information.

Recommendations: For versions prior to 2.1.2, update to version 2.1.2 or later to resolve the issue. As a temporary workaround, restrict access to the eventon ics download ajax action until the update is applied.
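Until the update is applied, it helps to know whether the ajax action is already being swept for event ids. The following is an added example, not part of the advisory or of the EventON plugin: it scans web-server access-log lines for unauthenticated requests to the ICS download action that successfully pull several distinct event ids from one client. The action name `eventon_ics_download`, the parameter name `event_id`, and the log format with the Cookie header appended are assumptions, and the log lines are constructed.

```python
import re
from collections import defaultdict
from urllib.parse import urlparse, parse_qs
# Assumed names (not given on the advisory page): ajax action and event id parameter.
ACTION = "eventon_ics_download"
ID_PARAM = "event_id"
ENUM_THRESHOLD = 5  # distinct event ids from one client before it is flagged

LOG_RE = re.compile(  # combined log format with the Cookie header as a last quoted field
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "[^"]*" "[^"]*" "(?P<cookie>[^"]*)"$'
)

def parse_line(line):
    """Parse one access-log line into the fields the check needs, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlparse(m["path"])
    qs = parse_qs(url.query)
    return {"ip": m["ip"], "endpoint": url.path, "status": int(m["status"]),
            "action": qs.get("action", [None])[0], "event_id": qs.get(ID_PARAM, [None])[0],
            # WordPress sets a wordpress_logged_in_<hash> cookie for authenticated sessions
            "authenticated": "wordpress_logged_in_" in m["cookie"]}

def find_enumeration(lines):
    """Map ip -> sorted event ids for clients that fetched the ICS download action
    unauthenticated, got HTTP 200, and covered ENUM_THRESHOLD or more distinct ids."""
    seen = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec is None or not rec["endpoint"].endswith("/wp-admin/admin-ajax.php"):
            continue
        if rec["action"] != ACTION or rec["authenticated"] or rec["status"] != 200:
            continue
        if rec["event_id"] and rec["event_id"].isdigit():
            seen[rec["ip"]].add(rec["event_id"])
    return {ip: sorted(ids, key=int) for ip, ids in seen.items() if len(ids) >= ENUM_THRESHOLD}

def _line(ip, sec, event_id, status=200, cookie="-"):
    # Build one constructed sample log line (synthetic data, not real traffic).
    return (f'{ip} - - [10/Jul/2023:10:00:{sec:02d} +0000] "GET /wp-admin/admin-ajax.php'
            f'?action={ACTION}&{ID_PARAM}={event_id} HTTP/1.1" {status} 512 "-" "curl/8.0" "{cookie}"')

SAMPLE_LOG = (
    [_line("203.0.113.7", s, 100 + s) for s in range(6)]                   # sequential id sweep
    + [_line("198.51.100.5", 7, 42, cookie="wordpress_logged_in_ab12=x")]  # logged-in user
    + [_line("198.51.100.9", 8, 77)]                                       # one anonymous hit
    + [_line("203.0.113.7", 9, 999, status=404)]                           # failed lookup
)
```

Only successful anonymous downloads count, so a logged-in user pulling many ids or a client collecting 404s is not flagged; the same filter also shows at a glance which event ids were exposed before the workaround went in.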

Exploit · Fix

Weakness Enumeration: Missing Authorization

Related Identifiers: BDU:2023-04595, CVE-2023-2796

Affected Products: Eventon