Lucene search
K

109 matches found

NVD
NVD
added 2026/06/30 10:16 a.m.11 views

CVE-2026-9711

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/30 9:31 a.m.36 views

CVE-2026-9711 EventON - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection via Search Parameter

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS0.00438EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/30 9:31 a.m.6 views

EUVD-2026-40273

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress full is vulnerable to SQL Injection via the WordPress 'search' parameter in versions up to, and including, 5.0.11 due to insufficient escaping on the user supplied parameter and lack of preparation on the existing SQL quer...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/30 12:0 a.m.10 views

PT-2026-53836

Name of the Vulnerable Software and Affected Versions EventON - WordPress Virtual Event Calendar Plugin versions prior to 5.0.12 Description An issue exists where unauthenticated attackers can perform SQL Injection, a technique used to interfere with the queries that an application makes to its...

9.8CVSS6AI score0.00438EPSS
Exploits0References8
CVE
CVE
added 2026/03/05 5:54 a.m.15 views

CVE-2026-28037

CVE-2026-28037 is a reflected XSS vulnerability in the WordPress EventON plugin (versions up to 4.9.12). The issue arises from improper neutralization of input during web page generation, enabling an attacker-controlled input to be reflected back to the user’s browser. The CVSS vector in the init...

7.1CVSS5.9AI score0.0018EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/05 12:0 a.m.7 views

WordPress plugin EventON 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

7.1CVSS5.6AI score0.0018EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/02 12:35 p.m.8 views

WordPress EventON plugin <= 4.9.12 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions = 4.9.12...

7.1CVSS5.9AI score0.0018EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/01/30 9:38 a.m.9 views

WordPress EventON Lite < 2.2.8 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

6.1CVSS5.9AI score0.00366EPSS
Exploits1References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 8:5 a.m.14 views

WordPress EventON < 2.2.8 - Unauthenticated Email Address Disclosure vulnerability

Unauthenticated Email Address Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

5.3CVSS5.9AI score0.37957EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 7:47 a.m.7 views

WordPress EventON < 2.2.8 - Unauthenticated Virtual Event Password Disclosure vulnerability

Unauthenticated Virtual Event Password Disclosure vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.8...

5.3CVSS5.9AI score0.00453EPSS
Exploits1References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.7 views

CVE-2023-4388

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

4.8CVSS5.3AI score0.00402EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:26 a.m.9 views

CVE-2023-4635

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in page...

6.1CVSS6.4AI score0.00618EPSS
Exploits1References1
EUVD
EUVD
added 2025/12/09 6:30 p.m.4 views

EUVD-2025-201965

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

6.5CVSS5.5AI score0.00212EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.3 views

CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

6.5CVSS5.6AI score0.00212EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.23 views

CVE-2025-63064 WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS.This issue affects EventON: from n/a through = 4.9.12...

6.5CVSS0.00212EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.23 views

CVE-2025-63064

CVE-2025-63064 concerns a Stored Cross-Site Scripting (XSS) vulnerability in the WordPress plugin EventON (versions

6.5CVSS5.6AI score0.00212EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/12/09 12:0 a.m.12 views

WordPress plugin EventON 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

6.5CVSS5.9AI score0.00212EPSS
Exploits0References1
Patchstack
Patchstack
added 2025/10/29 4:32 a.m.8 views

WordPress EventON plugin <= 4.9.12 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin EventON versions = 4.9.12...

6.5CVSS6.1AI score0.00212EPSS
Exploits0Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-58408

Malicious code in bioql PyPI...

6.5CVSS7.2AI score0.00566EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2024-16035

Malicious code in bioql PyPI...

5.3CVSS5.6AI score0.00411EPSS
Exploits1References2
Rows per page
Query Builder