Lucene search
K

108 matches found

Patchstack
Patchstack
added 2024/04/30 5:52 a.m.9 views

WordPress EventON plugin <= 2.2.14 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by Van Lyubov Patchstack Alliance in WordPress Plugin EventON versions = 2.2.14...

5.9CVSS6.1AI score0.00341EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/29 2:44 p.m.6 views

CVE-2023-7200 EventON < 4.4.1 - Reflected Cross-Site Scripting

The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00426EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/01/29 12:0 a.m.5 views

PT-2024-15225 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.4.1 Description: The issue is related to a Reflected Cross-Site Scripting problem. It occurs because a parameter is not properly sanitised and escaped before being outputted back in the page. This...

6.1CVSS6.3AI score0.00426EPSS
Exploits2References5
VulnCheck KEV
VulnCheck KEV
added 2024/01/22 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

5.3CVSS6.8AI score0.37468EPSS
Exploits5References1
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2024-0236

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom...

5.3CVSS5.9AI score
Exploits0References1
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.3CVSS5.8AI score0.37957EPSS
Exploits3References1
OSV
OSV
added 2024/01/16 4:15 p.m.4 views

CVE-2024-0233

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS5.8AI score0.00366EPSS
Exploits1References1
OSV
OSV
added 2024/01/16 4:15 p.m.6 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.8AI score0.0043EPSS
Exploits2References1
OSV
OSV
added 2024/01/16 4:15 p.m.5 views

CVE-2023-6005

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS5.8AI score0.0043EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.6 views

CVE-2024-0238 EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

6.4AI score0.00373EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.6 views

CVE-2024-0235 EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.6AI score0.37957EPSS
Exploits3References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.2 views

CVE-2024-0233 EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6AI score0.00366EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.3 views

CVE-2023-6005 EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.6AI score0.0043EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:57 p.m.3 views

CVE-2024-0236 EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set for example for Zoom...

5.4AI score0.00453EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:56 p.m.6 views

CVE-2024-0237 EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc...

5.3AI score0.00411EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/01/16 3:54 p.m.5 views

CVE-2023-6046 EventON < 2.2 - Admin+ Stored HTML Injection

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

5AI score0.0043EPSS
Exploits2References1
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS6.8AI score0.00373EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.5 views

PT-2024-15400 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue arises from the plugin's failure to properly sanitise and escape a parameter before outputting it back in pages. This lea...

6.1CVSS6.1AI score0.00366EPSS
Exploits1References5
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

4.8CVSS6.7AI score0.0043EPSS
Exploits2References2
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.4 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.8AI score0.00453EPSS
Exploits1References2
Rows per page
Query Builder