EUVD-2024-16034

Malicious code in bioql PyPI...

EUVD-2023-54252

Malicious code in bioql PyPI...

CVE-2024-4752

The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed for example in multisite setup...

CVE-2025-3527

CVE-2025-3527 concerns the EventON Pro WordPress plugin (WordPress Virtual Event Calendar Plugin) up to version 4.9.6. The issue is a missing capability check in assets/lib/settings/settings.js that allows authenticated attackers with Subscriber-level access and above to inject arbitrary web scri...

CVE-2024-0238 EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata...

CVE-2024-0233 EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

CVE-2023-6244 EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...