Lucene search
K

5 matches found

Nuclei
Nuclei
added 12 hours ago54 views

EventON Lite < 2.1.2 - Arbitrary File Download

The plugin does not validate that the eventid parameter in its eventonicsdownload ajax action is a valid Event, allowing unauthenticated visitors to access any Post including unpublished or protected posts content via the ics export functionality by providing the numeric id of the post. id:...

5.3CVSS6.8AI score0.06116EPSS
Exploits5References5
Nuclei
Nuclei
added 12 hours ago28 views

EventON <= 2.1 - Missing Authorization

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventonicsdownload ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id. id: CVE-2023-2796 info: name: EventON = 2.1 - Missing Authorizati...

5.3CVSS6.5AI score0.37468EPSS
Exploits5References5
Nuclei
Nuclei
added 12 hours ago20 views

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting

Wordpress EventON Calendar 3.0.5 is vulnerable to cross-site scripting because it allows addons/?q= XSS via the search field. id: CVE-2020-29395 info: name: Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting author: daffainfo severity: medium description: Wordpress EventON Calendar 3.0.5 is...

6.1CVSS6.3AI score0.11696EPSS
Exploits2References5
GithubExploit
GithubExploit
added 2024/06/03 2:21 p.m.221 views

Exploit for Missing Authorization in Myeventon Eventon

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

9.8CVSS8AI score0.97405EPSS
Exploits22
Exploit DB
Exploit DB
added 2020/12/01 12:0 a.m.522 views

Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting

Exploit Title: Wordpress Plugin EventON Calendar 3.0.5 - Reflected Cross-Site Scripting Date: 27.11.2020 Exploit Author: b3kc4t Mustafa GUNDOGDU Vendor Homepage: https://www.myeventon.com/ Version: 3.0.5 Tested on: Ubuntu 18.04 CVE : 2020-29395 Description Link:...

7.4AI score
Exploits0
Rows per page
Query Builder