Lucene search
K

362 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.9 views

CVE-2024-0235

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog...

5.3CVSS6.8AI score0.37957EPSS
Exploits3References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:32 a.m.16 views

CVE-2024-0237

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc...

5.3CVSS6.9AI score0.00411EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 9:31 a.m.8 views

CVE-2024-0233

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6.1AI score0.00366EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 8:36 a.m.8 views

CVE-2024-4752

The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

5.9CVSS5.7AI score0.00398EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:58 a.m.8 views

CVE-2024-33940

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14...

5.9CVSS5.2AI score0.00341EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.6 views

CVE-2023-6046

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS6.5AI score0.0043EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.11 views

CVE-2023-6158

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS7AI score0.00566EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:58 a.m.8 views

CVE-2023-6242

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 for Pro & 2.2.7 for Free. This is due to missing or incorrect nonce validation on the evoeventpostupdatemeta function. This makes it...

6.5CVSS6.5AI score0.00259EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:28 a.m.8 views

CVE-2023-3219

The EventON WordPress plugin before 2.1.2 does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the...

5.3CVSS6.8AI score0.06116EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:8 a.m.7 views

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

6.5CVSS6.3AI score0.00253EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:6 a.m.6 views

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

4.3CVSS6.5AI score0.00212EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:5 a.m.11 views

CVE-2023-6005

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example...

4.8CVSS5.7AI score0.0043EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/23 1:53 a.m.12 views

CVE-2023-2796

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id...

5.3CVSS7.1AI score0.37468EPSS
Exploits5References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:6 p.m.6 views

CVE-2020-29395

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field...

6.1CVSS5.9AI score0.11696EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/19 12:59 p.m.14 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

6.4CVSS6.7AI score0.00179EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 4:4 p.m.15 views

CVE-2025-47564

Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 4.9.8...

5.3CVSS7.2AI score0.00343EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/18 4:3 p.m.9 views

CVE-2025-48116

Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects EventON: from n/a through = 2.4.4...

5.3CVSS7.2AI score0.00278EPSS
Exploits0References1
OSV
OSV
added 2025/05/17 12:15 p.m.6 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

5.4CVSS5.9AI score0.00179EPSS
Exploits0References2
NVD
NVD
added 2025/05/17 12:15 p.m.22 views

CVE-2025-3527

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

6.4CVSS0.00179EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/17 11:17 a.m.11 views

CVE-2025-3527 EventON - WordPress Virtual Event Calendar Plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authenticated attackers, with Subscriber-level access and...

6.4CVSS6.2AI score0.00179EPSS
Exploits0References2
Rows per page
Query Builder