PT-2026-23319

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through = 4.9.12...

CVE-2025-63064

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

EUVD-2025-19980

Malicious code in bioql PyPI...

EUVD-2025-15506

Malicious code in bioql PyPI...

EUVD-2024-34520

Malicious code in bioql PyPI...

CVE-2025-47565

Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through = 4.9.9...

CVE-2025-47565 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through = 4.9.9...

CVE-2024-33940

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14...

CVE-2025-48116

Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...

WordPress EventON plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin EventON versions = 4.9.6...

CVE-2025-47564

Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...

CVE-2025-47564

CVE-2025-47564 describes a Missing Authorization vulnerability in the WordPress plugin EventON (affected: n/a through 4.9.9) that allows accessing functionality not properly constrained by ACLs. The connected documents confirm a broken/access-control issue in EventON variants, with references ind...

PT-2025-21712 · Eventon · Eventon

Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 4.9.9 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 4.9.9, update to a...

CVE-2025-47494

CVE-2025-47494 concerns the WordPress plugin EventON (EventON-lite) with an Authenticated Local File Inclusion vulnerability. The issue stems from improper control of filenames used in PHP include/require, enabling LFI for attackers who have authenticated access. Affected software versions are Ev...

CVE-2025-32614

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4...

CVE-2025-32614

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4...

CVE-2025-32160

CVE-2025-32160 applies to the WordPress plugin “EventON” (Ashan Perera EventON). The vulnerability is described as Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) that affects EventON versions from n/a through 2.3.2, with a CVSS v3.1 base score of 7.5 (High)...

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-14861 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.2 Description: The issue allows high privilege users, such as admin, to perform Stored HTML Injection attacks even when the unfiltered html capability is disallowed, due to the plugin not sanitizin...