The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
References
Configurations
No configuration.
History
21 Oct 2024, 17:10
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
19 Oct 2024, 07:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-10-19 07:15
Updated : 2024-10-21 17:10
NVD link : CVE-2023-6243
Mitre link : CVE-2023-6243
CVE.ORG link : CVE-2023-6243
JSON object : View
Products Affected
No product.
CWE
CWE-352
Cross-Site Request Forgery (CSRF)