362 matches found
WordPress plugin EventON 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability exists in...
WordPress EventON Plugin < 2.1.2 is vulnerable to Broken Access Control
Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-2796 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID de829ab567b4 Credits Miguel Santareno Required privilege...
WordPress EventON Plugin < 2.1.2 is vulnerable to Insecure Direct Object References (IDOR)
Software EventON Type Plugin Vulnerable versions 2.1.2 Fixed in 2.1.2 OWASP Top 10 A1: Broken Access Control Classification Insecure Direct Object References IDOR CVE CVE-2023-3219 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 9372395157b0 Credits Miguel Santareno Requir...
EventON < 2.1.2 - Unauthenticated Event Access
The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. PoC https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownloadid=value...
PT-2023-6980 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.1.2 Description: The issue is related to the eventon ics download ajax action in the EventON WordPress plugin, where the event id parameter is not properly validated, allowing unauthorized access t...
EventON < 2.1.2 - Unauthenticated Event Access
The plugin lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. https://example.com/wp-admin/admin-ajax.php?action=eventonicsdownload&eventid=value...
EventON < 2.1.2 - Unauthenticated Post Access via IDOR
The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post...
WordPress eventON premium plugin <= 3.0.5 - Cross-Site Scripting (XSS) vulnerability
Cross-Site Scripting XSS vulnerability found by Mustafa GUNDOGDU b3kc4t in WordPress eventON premium plugin versions = 3.0.5. Solution 2020-12-01 - we were unable to find a patched version of this plugin...
WordPress EventON Cross-Site Scripting Vulnerability
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...
Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting
Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...
WordPress EventON Calendar 3.0.5 Cross Site Scripting
Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...
CVE-2020-29395
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...
CVE-2020-29395
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...
Design/Logic Flaw
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...
CVE-2020-29395
The CVE-2020-29395 entry applies to the WordPress EventON Calendar plugin, affecting version 3.0.5 and earlier. The vulnerability is a reflected XSS via the addons/?q= search field, allowing arbitrary script execution in the context of the affected site. The available connected documents confirm ...
CVE-2020-29395
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...
WordPress plugin 跨站脚本漏洞
WordPress is a set of blogging platforms developed using the PHP language by the WordPress Wordpress Foundation. The platform supports setting up personal blog sites on servers with PHP and MySQL. A cross-site scripting vulnerability exists in WordPress EventON plugin version 3.0.5 and earlier...
PT-2020-17158 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON plugin versions 3.0.5 and earlier Description: The issue allows for XSS via the search field in the addons/?q= endpoint. This is a security concern as it can be exploited to inject malicious scripts. Recommendations: For versions 3.0....
JUX EventOn component id parameter SQL injection vulnerability
Joomla! is the United States Open Source Matters team developed a set of open source content management system CMS. The system provides RSS feeds , site search and other functions . A SQL injection vulnerability exists in the id parameter of the JUX EventOn component of Joomla! An attacker can...
Joomla JUX EventOn 1.0.1 Component - id Parameter SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Joomla! Component JUX EventOn v1.0.1 - SQL Injection Google Dork: inurl:index.php?option=comjuxeventon Date: 04.03.2017 Vendor Homepage: http://joomlaux.com/ Software Buy:...