24 matches found
CVE-2026-9711
CVE-2026-9711 affects the EventON WordPress Virtual Event Calendar Plugin (full) up to version 5.0.11. The root cause is insufficient escaping and lack of prepared statements in the SQL query used when processing the WordPress search parameter, enabling an unauthenticated attacker to append addit...
PT-2026-23319
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Reflected XSS. This issue affects EventON: from n/a through <= 4.9.12...
CVE-2025-63064
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ashanjay EventON eventon allows Stored XSS. This issue affects EventON: from n/a through <= 4.9.12...
EUVD-2024-34520
Malicious code in bioql PyPI...
EUVD-2025-15506
Malicious code in bioql PyPI...
EUVD-2025-19980
Malicious code in bioql PyPI...
CVE-2025-47565
Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through <= 4.9.9...
CVE-2025-47565 WordPress EventON plugin <= 4.9.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventON: from n/a through <= 4.9.9...
CVE-2024-33940
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Ashan Jay EventON allows Stored XSS. This issue affects EventON: from n/a through 2.2.14...
CVE-2025-48116
Missing Authorization vulnerability in Ashan Perera EventON eventon-lite allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through <= 2.4.4...
WordPress EventON plugin <= 4.9.6 - Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
Missing Authorization to Authenticated Subscriber+ Stored Cross-Site Scripting vulnerability discovered by Nguyễn Trung Kiên in WordPress Plugin EventON versions <= 4.9.6...
CVE-2025-47564
Missing Authorization vulnerability in ashanjay EventON eventon allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through <= 4.9.8...
CVE-2025-47564
CVE-2025-47564 describes a Missing Authorization vulnerability in the WordPress plugin EventON (affected: n/a through 4.9.9) that allows accessing functionality not properly constrained by ACLs. The connected documents confirm a broken/access-control issue in EventON variants, with references ind...
PT-2025-21712 · Eventon · Eventon
Name of the Vulnerable Software and Affected Versions: EventON versions n/a through 4.9.9 Description: The issue is related to a Missing Authorization vulnerability, which allows accessing functionality not properly constrained by ACLs. Recommendations: For versions n/a through 4.9.9, update to a...
CVE-2025-47494
CVE-2025-47494 concerns the WordPress plugin EventON (EventON-lite) with an Authenticated Local File Inclusion vulnerability. The issue stems from improper control of filenames used in PHP include/require, enabling LFI for attackers who have authenticated access. Affected software versions are Ev...
CVE-2025-32614
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4...
CVE-2025-32614
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Ashan Perera EventON eventon-lite allows PHP Local File Inclusion. This issue affects EventON: from n/a through <= 2.4...
CVE-2025-32160
CVE-2025-32160 applies to the WordPress plugin “EventON” (Ashan Perera EventON). The vulnerability is described as Improper Control of Filename for Include/Require Statement (PHP Remote File Inclusion) that affects EventON versions from n/a through 2.3.2, with a CVSS v3.1 base score of 7.5 (High)...
WordPress plugin EventON security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...
PT-2024-15403 · WordPress · Eventon
Name of the Vulnerable Software and Affected Versions: EventON WordPress plugin versions prior to 4.5.9 EventON WordPress plugin versions prior to 2.2.7 Description: The issue concerns a lack of authorization in some AJAX actions within the EventON WordPress plugin, allowing unauthenticated users...