
354 matches found

Nuclei
added yesterday, 2 views

EventON Lite <= 2.4 - Authenticated Local File Inclusion

Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename. id: CVE-2025-32614 info: name: EventON Lite <= 2.4 - Authenticated Local Fil...

CVSS 8.8 | AI score 7.3 | EPSS 0.01452
Exploits: 0 | References: 1

Nuclei
added yesterday, 15 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

CVSS 6.1 | AI score 6.2 | EPSS 0.03284
Exploits: 2 | References: 5

Nuclei
added 2 days ago, 50 views

EventON Lite < 2.1.2 - Arbitrary File Download

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post. id:...

CVSS 5.3 | AI score 6.8 | EPSS 0.74017
Exploits: 5 | References: 5

Nuclei
added 2 days ago, 71 views

EventON (Free < 2.2.8, Premium < 4.5.5) - Information Disclosure

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorization in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog. id: CVE-2024-0235 info: name: EventON Free < 2.2.8, Premium < 4.5.5 - Information Disclosu...

CVSS 5.3 | AI score 6.1 | EPSS 0.86512
Exploits: 3 | References: 3

Nuclei
added 2 days ago, 26 views

EventON <= 2.1 - Missing Authorization

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. id: CVE-2023-2796 info: name: EventON <= 2.1 - Missing Authorizati...

CVSS 5.3 | AI score 6.8 | EPSS 0.71545
Exploits: 5 | References: 5

RedhatCVE
added 2026/03/06 7:54 a.m., 0 views

CVE-2026-28037

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

EUVD
added 2026/03/05 6:30 a.m., 1 view

EUVD-2026-9699

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2

NVD
added 2026/03/05 6:16 a.m., 2 views

CVE-2026-28037

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

CVSS 7.1 | EPSS 0.00045
Exploits: 0 | References: 1

Cvelist
added 2026/03/05 5:54 a.m., 25 views

CVE-2026-28037 WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

CVSS 7.1 | EPSS 0.00045
Exploits: 0 | References: 1

CVE
added 2026/03/05 5:54 a.m., 8 views

CVE-2026-28037

CVE-2026-28037 is a reflected XSS vulnerability in the WordPress EventON plugin (versions up to 4.9.12). The issue arises from improper neutralization of input during web page generation, enabling an attacker-controlled input to be reflected back to the user’s browser. The CVSS vector in the init...

CVSS 7.1 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 1

Vulnrichment
added 2026/03/05 5:54 a.m., 0 views

CVE-2026-28037 WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

CVSS 7.1 | AI score 5.8 | EPSS 0.00045
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/05 12:0 a.m., 1 view

PT-2026-23319

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...

AI score 5.9 | EPSS 0.00045
Exploits: 0 | References: 2

CNNVD
added 2026/03/05 12:0 a.m., 2 views

WordPress plugin EventON cross-site scripting vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

CVSS 7.1 | AI score 5.6 | EPSS 0.00045
Exploits: 0 | References: 1

Patchstack
added 2026/03/02 12:35 p.m., 2 views

WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions <= 4.9.12...

CVSS 7.1 | AI score 5.9 | EPSS 0.00045
Exploits: 0 | Affected Software: 1

Patchstack
added 2026/02/06 6:30 a.m., 3 views

WordPress EventON-RSVP plugin < 2.9.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by kauenavarro in WordPress Plugin EventON-RSVP versions < 2.9.5...

CVSS 6.1 | AI score 6.2 | EPSS 0.00117
Exploits: 2 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/30 9:38 a.m., 3 views

WordPress EventON Lite < 2.2.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 2.2.8...

CVSS 6.1 | AI score 5.9 | EPSS 0.0028
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/30 9:38 a.m., 3 views

WordPress EventON < 4.5.5 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 4.5.5...

CVSS 6.1 | AI score 5.9 | EPSS 0.0028
Exploits: 1 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/30 8:5 a.m., 7 views

WordPress EventON < 2.2.8 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 2.2.8...

CVSS 5.3 | AI score 5.9 | EPSS 0.86512
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/30 8:2 a.m., 8 views

WordPress EventON < 4.5.5 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 4.5.5...

CVSS 5.3 | AI score 5.9 | EPSS 0.86512
Exploits: 3 | References: 1 | Affected Software: 1

Patchstack
added 2026/01/30 7:49 a.m., 3 views

WordPress EventON plugin < 4.5.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions < 4.5.9...

CVSS 5.3 | AI score 5.9 | EPSS 0.00288
Exploits: 1 | References: 1 | Affected Software: 1