CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

19 matches found

Patchstack•added 2026/01/30 7:38 a.m.•5 views

WordPress EventON plugin < 4.5.6 - Unauthenticated Arbitrary Post Metadata Update vulnerability

Unauthenticated Arbitrary Post Metadata Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 4.5.6...

6.1CVSS5.9AI score0.00727EPSS

Exploits1References1Affected Software1

Patchstack•added 2025/08/14 11:14 p.m.•8 views

WordPress EventON Lite plugin <= 2.4.6 - Authenticated (Contributor+) Information Disclosure vulnerability

Authenticated Contributor+ Information Disclosure vulnerability discovered by Takihana Shota in WordPress Plugin EventON versions = 2.4.6...

4.3CVSS6.4AI score0.00143EPSS

Exploits0References1Affected Software1

Vulnrichment•added 2025/05/16 3:45 p.m.•6 views

CVE-2025-47564 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in ashanjay EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 4.9.9...

5.3CVSS6.9AI score0.00314EPSS

Exploits0References1

Cvelist•added 2025/04/11 8:42 a.m.•15 views

CVE-2025-32614 WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion.This issue affects EventON: from n/a through = 2.4...

8.8CVSS0.01452EPSS

Exploits0References1

CVE•added 2025/04/11 8:42 a.m.•53 views

CVE-2025-32614

CVE-2025-32614 — EventON Local File Inclusion . The WordPress plugin EventON is affected up to version 2.4 (initial notes cite 2.3.2; Wordfence reference shows

8.8CVSS7.2AI score0.01452EPSS

Exploits0References1

Vulnrichment•added 2025/04/10 8:9 a.m.•8 views

CVE-2025-32160 WordPress EventON plugin <= 2.4.1 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite.This issue affects EventON: from n/a through = 2.4.1...

7.5CVSS7.2AI score0.00279EPSS

Exploits0References1

Patchstack•added 2024/09/09 12:0 a.m.•10 views

WordPress EventON Plugin < 2.2.17 is vulnerable to Cross Site Scripting (XSS)

Software EventON Type Plugin Vulnerable versions 2.2.17 Fixed in 2.2.17 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6910 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 10820219c209 Credits Wesley "dk4trin" Santos Required...

4.8CVSS5.8AI score0.0026EPSS

Exploits1References3Affected Software1

Patchstack•added 2024/07/09 12:0 a.m.•7 views

WordPress EventON Plugin <= 2.2.15 is vulnerable to Cross Site Scripting (XSS)

Software EventON Type Plugin Vulnerable versions = 2.2.15 Fixed in 2.2.16 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6180 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID aa2963dca1bd Credits Lucio Sá Required...

7.2CVSS5.7AI score0.00689EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/04/30 12:0 a.m.•7 views

WordPress EventON Plugin <= 2.2.14 is vulnerable to Cross Site Scripting (XSS)

Software EventON Type Plugin Vulnerable versions = 2.2.14 Fixed in 2.2.15 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-33940 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 63d47ec77b3d Credits Van Lyubov Required privilege Administrator...

5.9CVSS6.6AI score0.00137EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/01/31 12:0 a.m.•11 views

WordPress EventON Pro Plugin < 4.4.1 is vulnerable to Cross Site Scripting (XSS)

Software EventON Pro Type Plugin Vulnerable versions 4.4.1 Fixed in 4.4.1 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-7200 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID f88412538f0b Credits kauenavarro Required...

6.1CVSS5.6AI score0.00325EPSS

Exploits2References2Affected Software1

Positive Technologies•added 2024/01/16 12:0 a.m.•2 views

PT-2024-14861 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 2.2 Description: The issue allows high privilege users, such as admin, to perform Stored HTML Injection attacks even when the unfiltered html capability is disallowed, due to the plugin not sanitizin...

4.8CVSS4.9AI score0.00078EPSS

Exploits2References6

CNNVD•added 2024/01/11 12:0 a.m.•1 views

WordPress Plugin EventON Pro Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. Cross-site request forgery...

6.5CVSS6.9AI score0.00134EPSS

Exploits0References4

Patchstack•added 2024/01/10 12:0 a.m.•9 views

WordPress EventON Plugin <= 2.2.8 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Type Plugin Vulnerable versions = 2.2.8 Fixed in 2.2.9 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 8c97e0a9cf60 Credits Francesco Carlucci Required...

6.5CVSS6.6AI score0.00134EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/01/10 12:0 a.m.•10 views

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b43943b2a15f Credits Francesco Carlucci Required...

6.5CVSS6.5AI score0.00189EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/01/10 12:0 a.m.•12 views

WordPress EventON Plugin <= 2.2.7 is vulnerable to Broken Access Control

Software EventON Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05f91c2608b0 Credits Francesco Carlucci Required privilege...

6.5CVSS6.6AI score0.00189EPSS

Exploits0References3Affected Software1

Patchstack•added 2024/01/10 12:0 a.m.•9 views

WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6244 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 5cacf0b27060 Credits Francesco Carlucci...

6.5CVSS6.7AI score0.00134EPSS

Exploits0References2Affected Software1

Patchstack•added 2024/01/10 12:0 a.m.•11 views

WordPress EventON Plugin <= 2.2.7 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventON Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-6242 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 4b4a7c0f3e28 Credits Francesco Carlucci Required...

6.5CVSS6.6AI score0.00134EPSS

Exploits0References3Affected Software1

Patchstack•added 2023/10/21 12:0 a.m.•15 views

WordPress EventON Plugin <= 2.2.2 is vulnerable to Cross Site Scripting (XSS)

Software EventON Type Plugin Vulnerable versions = 2.2.2 Fixed in 2.2.3 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-4635 Patch priority Medium CVSS severity Medium 6.1 Developer Claim ownership PSID 2a9d3b757474 Credits Shuning Xu Required privilege...

6.1CVSS6.5AI score0.01614EPSS

Exploits1References3Affected Software1

Packet Storm•added 2020/12/01 12:0 a.m.•424 views

WordPress EventON Calendar 3.0.5 Cross Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

6.4AI score0.03284EPSS

Exploits2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by