EUVD-2023-58489

Malicious code in bioql PyPI...

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

WordPress plugin EventON Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

PT-2025-21787 · WordPress · Eventon Pro

Name of the Vulnerable Software and Affected Versions: EventON Pro plugin for WordPress versions up to, and including, 4.9.6 Description: The issue is related to a missing capability check in the 'assets/lib/settings/settings.js' file, allowing authenticated attackers with Subscriber-level access...

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

CVE-2023-6243

The CVE-2023-6243 entry concerns EventON Pro (WordPress) up to version 4.6.8, with a Cross-Site Request Forgery (CSRF) flaw in the admin_test_email function caused by missing or improper nonce validation. This can allow unauthenticated attackers to trigger test emails to arbitrary addresses by tr...

WordPress plugin EventON PRO 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forge...

WordPress EventON PRO plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email vulnerability

Cross-Site Request Forgery via admintestemail vulnerability discovered by Francesco Carlucci in WordPress Plugin EventON Pro versions = 4.6.8...

WordPress EventON Pro Plugin <= 4.6.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Pro Type Plugin Vulnerable versions = 4.6.8 Fixed in 4.7 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6243 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3df0e9a42423 Credits Francesco Carlucci Require...

PT-2024-14910 · WordPress · Eventon Pro

Name of the Vulnerable Software and Affected Versions: The EventON PRO - WordPress Virtual Event Calendar Plugin plugin versions up to, and including, 4.6.8 Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the admin test email functio...

WordPress EventON Pro Plugin < 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software EventON Pro Type Plugin Vulnerable versions 4.4.1 Fixed in 4.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7200 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f88412538f0b Credits kauenavarro Required...

WordPress Plugin EventON Pro Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

WordPress Plugin EventON Pro Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b43943b2a15f Credits Francesco Carlucci Required...

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5cacf0b27060 Credits Francesco Carlucci...