EventON Lite < 2.1.2 - Arbitrary File Download

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post. id:...

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite = 2.4 - Authenticated Local Fil...

WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.9...

EUVD-2025-25001

Malicious code in bioql PyPI...

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

CVE-2025-8091

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

CVE-2025-8091 EventON Lite <= 2.4.7 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

CVE-2025-8091

CVE-2025-8091 affects EventON Lite for WordPress (versions &lt;= 2.4.6). Multiple sources confirm an Information Disclosure vulnerability via add_single_eventon/add_eventon shortcodes, enabling access to data from protected or draft posts. advisories converge on upgrading to 2.4.7+ (PTSecurity no...

CVE-2025-8091 EventON Lite <= 2.4.6 - Authenticated (Contributor+) Information Disclosure

The EventON Lite plugin for WordPress is vulnerable to Information Exposure in all versions less than, or equal to, 2.4.6 via the addsingleeventon and addeventon shortcodes due to insufficient restrictions on which posts can be included. This makes it possible for unauthenticated attackers to...

PT-2025-33465 · WordPress · Eventon Lite

Name of the Vulnerable Software and Affected Versions: EventON Lite versions prior to 2.4.7 Description: The EventON Lite plugin for WordPress is vulnerable to Information Exposure in versions prior to 2.4.7 via the add single eventon and add eventon shortcodes. Insufficient restrictions on post...

WordPress plugin EventON Lite 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An information disclosure...