Lucene search
K

362 matches found

CNNVD
CNNVD
added 2023/07/10 12:0 a.m.9 views

WordPress plugin EventON 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...

5.3CVSS6.8AI score0.37468EPSS
Exploits5References5
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.13 views

WordPress EventON Plugin < 2.1.2 is vulnerable to Broken Access Control

Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2796 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de829ab567b4 Credits Miguel Santareno Required privilege...

5.3CVSS6.4AI score0.37468EPSS
Exploits5References4Affected Software1
Patchstack
Patchstack
added 2023/06/22 12:0 a.m.13 views

WordPress EventON Plugin < 2.1.2 is vulnerable to Insecure Direct Object References (IDOR)

Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9372395157b0 Credits Miguel Santareno Requir...

5.3CVSS6.4AI score0.06116EPSS
Exploits5References4Affected Software1
WPVulnDB
WPVulnDB
added 2023/06/19 12:0 a.m.28 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. PoC https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownloadid=value...

5.3CVSS9.3AI score0.37468EPSS
Exploits5Affected Software1
Positive Technologies
Positive Technologies
added 2023/06/19 12:0 a.m.8 views

PT-2023-6980 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2 Description: The issue is related to the eventon ics download ajax action in the EventON WordPress plugin, where the event id parameter is not properly validated, allowing unauthorized access t...

7.8CVSS6.3AI score0.06116EPSS
Exploits5References8
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.151 views

EventON < 2.1.2 - Unauthenticated Event Access

The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownload&eventid=value...

5.3CVSS9.6AI score0.37468EPSS
Exploits5
wpexploit
wpexploit
added 2023/06/19 12:0 a.m.244 views

EventON < 2.1.2 - Unauthenticated Post Access via IDOR

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post...

5.3CVSS9.2AI score0.06116EPSS
Exploits5
Patchstack
Patchstack
added 2020/12/01 12:0 a.m.23 views

WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability

Cross-Site Scripting XSS vulnerability found by Mustafa GUNDOGDU b3kc4t in WordPress eventON premium plugin versions = 3.0.5. Solution 2020-12-01 - we were unable to find a patched version of this plugin...

6.1CVSS2.4AI score0.11696EPSS
Exploits2References2Affected Software1
CNVD
CNVD
added 2020/12/01 12:0 a.m.3 views

WordPress EventON Cross-Site Scripting Vulnerability

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...

6.1CVSS5.8AI score0.11696EPSS
Exploits2References1
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.523 views

Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

7.4AI score
Exploits0
Packet Storm
Packet Storm
added 2020/12/01 12:0 a.m.430 views

WordPress EventON Calendar 3.0.5 Cross Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

6.4AI score0.11696EPSS
Exploits2
OSV
OSV
added 2020/11/30 8:15 p.m.5 views

CVE-2020-29395

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...

6.1CVSS6.4AI score0.11696EPSS
Exploits2References3
NVD
NVD
added 2020/11/30 8:15 p.m.19 views

CVE-2020-29395

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...

6.1CVSS6.1AI score0.11696EPSS
Exploits2References3
Prion
Prion
added 2020/11/30 8:15 p.m.13 views

Design/Logic Flaw

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...

4.3CVSS6AI score0.11696EPSS
Exploits2References3Affected Software1
CVE
CVE
added 2020/11/30 7:5 p.m.93 views

CVE-2020-29395

The CVE-2020-29395 entry applies to the WordPress EventON Calendar plugin, affecting version 3.0.5 and earlier. The vulnerability is a reflected XSS via the addons/?q= search field, allowing arbitrary script execution in the context of the affected site. The available connected documents confirm ...

6.1CVSS6AI score0.11696EPSS
Exploits2References3Affected Software1
Cvelist
Cvelist
added 2020/11/30 7:5 p.m.25 views

CVE-2020-29395

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...

6.1AI score0.11696EPSS
Exploits2References3
CNNVD
CNNVD
added 2020/11/30 12:0 a.m.6 views

WordPress plugin 跨站脚本漏洞

WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...

6.1CVSS6.3AI score0.11696EPSS
Exploits2References6
Positive Technologies
Positive Technologies
added 2020/11/30 12:0 a.m.3 views

PT-2020-17158 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON plugin versions 3.0.5 and earlier Description: The issue allows for XSS via the search field in the addons/?q= endpoint. This is a security concern as it can be exploited to inject malicious scripts. Recommendations: For versions 3.0....

6.1CVSS5.9AI score0.11696EPSS
Exploits2References10
CNVD
CNVD
added 2017/03/09 12:0 a.m.3 views

JUX EventOn component id parameter SQL injection vulnerability

Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the id parameter of the JUX EventOn component of Joomla! An attacker can...

7.9AI score
Exploits0References1
0day.today
0day.today
added 2017/03/05 12:0 a.m.31 views

Joomla JUX EventOn 1.0.1 Component - id Parameter SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection Google Dork: inurl:index.php?option=comjuxeventon Date: 04.03.2017 Vendor Homepage: http://joomlaux.com/ Software Buy:...

7.1AI score
Exploits0
Rows per page
Query Builder