Lucene search
K

108 matches found

Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.9 views

PT-2024-15401 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows unauthenticated users to retrieve email addresses of any users on the blog due to a lack of authorization in an AJ...

5.3CVSS5.2AI score0.37957EPSS
Exploits3References4
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.6 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.6AI score0.37957EPSS
Exploits3References2
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.4 views

PT-2024-15402 · Zoom · Zoom

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set, du...

5.3CVSS5.4AI score0.00453EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2024/01/16 12:0 a.m.6 views

PT-2024-14856 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.5 EventON WordPress plugin versions prior to 2.2.7 Description: The issue allows high privilege users, such as admins, to perform Stored Cross-Site Scripting attacks due to the lack of sanitizati...

4.8CVSS4.6AI score0.0043EPSS
Exploits2References5
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.3 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

5.3CVSS6.7AI score0.00411EPSS
Exploits1References2
CNNVD
CNNVD
added 2024/01/16 12:0 a.m.5 views

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

6.1CVSS6.8AI score0.00373EPSS
Exploits1References2
OSV
OSV
added 2024/01/11 3:15 p.m.2 views

CVE-2023-6242

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 for Pro & 2.2.7 for Free. This is due to missing or incorrect nonce validation on the evoeventpostupdatemeta function. This makes it...

4.3CVSS5.7AI score
Exploits0References3
OSV
OSV
added 2024/01/11 3:15 p.m.5 views

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

4.3CVSS5.7AI score0.00253EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/11 2:32 p.m.4 views

CVE-2023-6244 EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

6.5CVSS6.6AI score0.00253EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/01/11 12:0 a.m.4 views

PT-2024-14911 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: The EventON - WordPress Virtual Event Calendar Plugin versions up to, and including, 4.5.4 Pro and 2.2.8 Free Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save virtual eve...

6.5CVSS5.2AI score0.00253EPSS
Exploits0References8
OSV
OSV
added 2024/01/10 3:15 p.m.5 views

CVE-2023-6158

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS5.9AI score0.00566EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/01/10 2:32 p.m.4 views

CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS6.8AI score0.00566EPSS
Exploits0References3
Patchstack
Patchstack
added 2024/01/10 12:0 a.m.26 views

WordPress EventON Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8c97e0a9cf60 Credits Francesco Carlucci Required...

6.5CVSS6.6AI score0.00253EPSS
Exploits0References3Affected Software1
wpexploit
wpexploit
added 2024/01/05 12:0 a.m.188 views

EventON < 4.4.1 - Reflected Cross-Site Scripting

Description The plugin does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin Make a logged in admin open a page containing one of the code below: 2.6.x the cmonth a...

6.1CVSS6AI score0.00426EPSS
Exploits2
WPVulnDB
WPVulnDB
added 2023/10/26 12:0 a.m.15 views

EventON < 2.2.3 - Reflected Cross Site Scripting

Description The plugin does not sanitize and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high-privilege users such as admin...

6.1CVSS6.2AI score0.00618EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2023/10/21 8:15 a.m.1 views

CVE-2023-4635

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6AI score0.00618EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2023/10/21 7:33 a.m.2 views

CVE-2023-4635 EventON <= 2.2.2 - Reflected Cross-Site Scripting

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS7AI score0.00618EPSS
Exploits1References3
Cvelist
Cvelist
added 2023/10/21 7:33 a.m.20 views

CVE-2023-4635 EventON <= 2.2.2 - Reflected Cross-Site Scripting

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6.2AI score0.00618EPSS
Exploits1References3
Patchstack
Patchstack
added 2023/10/21 12:0 a.m.18 views

WordPress EventON Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software EventON Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4635 Patch priority Medium CVSS severity Medium 6.1 Developer Claim ownership PSID 2a9d3b757474 Credits Shuning Xu Required privilege...

6.1CVSS6.5AI score0.00618EPSS
Exploits1References3Affected Software1
Vulnrichment
Vulnrichment
added 2023/10/16 7:39 p.m.6 views

CVE-2023-4388 EventON < 2.2 - Admin+ Stored XSS

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.6AI score0.00402EPSS
Exploits2References1
Rows per page
Query Builder