362 matches found
CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-3527
CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...
WordPress plugin EventON Pro 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21787 · WordPress · Eventon Pro
Name of the Vulnerable Software and Affected Versions: EventON Pro plugin for WordPress versions up to, and including, 4.9.6 Description: The issue is related to a missing capability check in the 'assets/lib/settings/settings.js' file, allowing authenticated attackers with Subscriber-level access...
WordPress EventON plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin EventON versions = 4.9.6...
CVE-2025-48116
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...
CVE-2025-47564
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...
CVE-2025-47564 WordPress EventON plugin <= 4.9.8 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...
CVE-2025-47564
CVE-2025-47564 describes a Missing Authorization vulnerability in the WordPress plugin EventON (affected: n/a through 4.9.9) that allows accessing functionality not properly constrained by ACLs. The connected documents confirm a broken/access-control issue in EventON variants, with references ind...
CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...
CVE-2025-48116
CVE-2025-48116 denotes a Missing Authorization vulnerability in the WordPress EventON plugin (versions up to and including 2.4.4) that allows accessing functionality not properly constrained by ACLs. CVSS 3.1 base score 5.3 (Medium). Remediation: update to a version later than 2.4.4 (e.g., 2.4.5+...
CVE-2025-48116 WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...
CVE-2025-48116 WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability
Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4...
WordPress EventON plugin <= 4.9.8 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Nguyễn Trung Kiên anhchangmutrang in WordPress Plugin EventON versions = 4.9.8...
WordPress EventON plugin <= 2.4.4 - Broken Access Control Vulnerability
Broken Access Control Vulnerability discovered by astra.r3verii in WordPress Plugin EventON versions = 2.4.4...
WordPress plugin EventON 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21712 · Eventon · Eventon
Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 4.9.9 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 4.9.9, update to a...
WordPress plugin EventON 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
PT-2025-21722 · Eventon · Eventon
Name of the Vulnerable Software and Affected Versions: EventON versions through 2.4.4 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions through 2.4.4, update to a version...
CVE-2025-47494
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4.1...