Lucene search
K

362 matches found

Cvelist
Cvelist
added 2025/05/17 11:17 a.m.24 views

CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

6.4CVSS0.00179EPSS
Exploits0References2
CVE
CVE
added 2025/05/17 11:17 a.m.54 views

CVE-2025-3527

CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...

6.4CVSS6.2AI score0.00179EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2025/05/17 12:0 a.m.5 views

WordPress plugin EventON Pro 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

6.4CVSS6.8AI score0.00179EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/05/17 12:0 a.m.7 views

PT-2025-21787 · WordPress · Eventon Pro

Name of the Vulnerable Software and Affected Versions: EventON Pro plugin for WordPress versions up to, and including, 4.9.6 Description: The issue is related to a missing capability check in the 'assets/lib/settings/settings.js' file, allowing authenticated attackers with Subscriber-level access...

6.4CVSS6.8AI score0.00179EPSS
Exploits0References8
Patchstack
Patchstack
added 2025/05/16 10:33 p.m.7 views

WordPress EventON plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability

Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin EventON versions = 4.9.6...

6.4CVSS6.3AI score0.00179EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2025/05/16 4:15 p.m.8 views

CVE-2025-48116

Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...

5.3CVSS0.00278EPSS
Exploits0References1
NVD
NVD
added 2025/05/16 4:15 p.m.17 views

CVE-2025-47564

Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...

5.3CVSS0.00343EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 3:45 p.m.28 views

CVE-2025-47564 WordPress EventON plugin <= 4.9.8 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...

5.3CVSS0.00343EPSS
Exploits0References1
CVE
CVE
added 2025/05/16 3:45 p.m.24 views

CVE-2025-47564

CVE-2025-47564 describes a Missing Authorization vulnerability in the WordPress plugin EventON (affected: n/a through 4.9.9) that allows accessing functionality not properly constrained by ACLs. The connected documents confirm a broken/access-control issue in EventON variants, with references ind...

5.3CVSS7.2AI score0.00343EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 3:45 p.m.8 views

CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...

5.3CVSS6.9AI score0.00343EPSS
Exploits0References1
CVE
CVE
added 2025/05/16 3:45 p.m.26 views

CVE-2025-48116

CVE-2025-48116 denotes a Missing Authorization vulnerability in the WordPress EventON plugin (versions up to and including 2.4.4) that allows accessing functionality not properly constrained by ACLs. CVSS 3.1 base score 5.3 (Medium). Remediation: update to a version later than 2.4.4 (e.g., 2.4.5+...

5.3CVSS7.2AI score0.00278EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/05/16 3:45 p.m.17 views

CVE-2025-48116 WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...

5.3CVSS0.00278EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/05/16 3:45 p.m.7 views

CVE-2025-48116 WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4...

5.3CVSS6.9AI score0.00278EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/05/16 12:46 p.m.6 views

WordPress EventON plugin <= 4.9.8 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin EventON versions = 4.9.8...

5.3CVSS8.4AI score0.00343EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2025/05/16 10:22 a.m.6 views

WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability

Broken Access Control Vulnerability discovered by astra.r3verii in WordPress Plugin EventON versions = 2.4.4...

5.3CVSS8.2AI score0.00278EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.4 views

WordPress plugin EventON 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.3AI score0.00343EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.5 views

PT-2025-21712 · Eventon · Eventon

Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 4.9.9 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 4.9.9, update to a...

5.3CVSS6AI score0.00343EPSS
Exploits0References3
CNNVD
CNNVD
added 2025/05/16 12:0 a.m.3 views

WordPress plugin EventON 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

5.3CVSS6.3AI score0.00278EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.10 views

PT-2025-21722 · Eventon · Eventon

Name of the Vulnerable Software and Affected Versions: EventON versions through 2.4.4 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions through 2.4.4, update to a version...

5.3CVSS6AI score0.00278EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/09 3:24 p.m.7 views

CVE-2025-47494

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4.1...

7.5CVSS7.2AI score0.0061EPSS
Exploits0References1
Rows per page
Query Builder