109 matches found
CVE-2026-9711
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
EUVD-2026-40273
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...
PT-2026-53836
Name of the Vulnerable Software and Affected Versions EventON - WordPress Virtual Event Calendar Plugin versions prior to 5.0.12 Description An issue exists where unauthenticated attackers can perform SQL Injection, a technique used to interfere with the queries that an application makes to its...
CVE-2026-28037
CVE-2026-28037 is a reflected XSS vulnerability in the WordPress EventON plugin (versions up to 4.9.12). The issue arises from improper neutralization of input during web page generation, enabling an attacker-controlled input to be reflected back to the user’s browser. The CVSS vector in the init...
WordPress plugin EventON 跨站脚本漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability
Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions = 4.9.12...
WordPress EventON Lite < 2.2.8 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...
WordPress EventON < 2.2.8 - Unauthenticated Email Address Disclosure vulnerability
Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...
WordPress EventON < 2.2.8 - Unauthenticated Virtual Event Password Disclosure vulnerability
Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...
CVE-2023-4388
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...
CVE-2023-4635
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...
EUVD-2025-201965
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...
CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...
CVE-2025-63064
CVE-2025-63064 concerns a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin EventON (versions
CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...
WordPress plugin EventON 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions = 4.9.12...
EUVD-2023-58408
Malicious code in bioql PyPI...
EUVD-2024-16035
Malicious code in bioql PyPI...