CVE-2023-6242
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 for Pro & 2.2.7 for Free. This is due to missing or incorrect nonce validation on the evoeventpostupdatemeta function. This makes it...