6 matches found
CVE-2023-6158
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
CVE-2023-6158
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...
CVE-2023-6158
CVE-2023-6158 (EventON WordPress Plugin) : The vulnerability arises from a missing capability check in evo_eventpost_update_meta, allowing unauthenticated attackers to update and remove arbitrary post metadata. Affected are EventON Pro (versions <= 4.5.4) and EventON (free) (versions
WordPress EventON Plugin <= 2.2.7 is vulnerable to Broken Access Control
Software EventON Type Plugin Vulnerable versions = 2.2.7 Fixed in 2.2.8 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 05f91c2608b0 Credits Francesco Carlucci Required privilege...
WordPress EventON Pro Plugin <= 4.5.4 is vulnerable to Broken Access Control
Software EventON Pro Type Plugin Vulnerable versions = 4.5.4 Fixed in 4.5.5 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-6158 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID b43943b2a15f Credits Francesco Carlucci Required...