Lucene search
K

10 matches found

Patchstack
Patchstack
added 2026/06/30 9:17 a.m.7 views

WordPress EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin <= 5.0.11 - WordPress Virtual Event Calendar Plugin <= 5.0.11 - Unauthenticated Blind SQL Injection vulnerability

WordPress EventON Pro - WordPress Virtual Event Calendar Plugin plugin = 5.0.11 - WordPress Virtual Event Calendar Plugin = 5.0.11 - Unauthenticated Blind SQL Injection vulnerability discovered by Nguyen Ngoc Duc duc193 in WordPress Plugin EventON versions = 5.0.11...

9.8CVSS5.8AI score0.00438EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2024/10/19 7:15 a.m.15 views

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

4.3CVSS0.00212EPSS
Exploits0References3
CVE
CVE
added 2024/10/19 6:41 a.m.58 views

CVE-2023-6243

The CVE-2023-6243 entry concerns EventON Pro (WordPress) up to version 4.6.8, with a Cross-Site Request Forgery (CSRF) flaw in the admin_test_email function caused by missing or improper nonce validation. This can allow unauthenticated attackers to trigger test emails to arbitrary addresses by tr...

4.3CVSS4.8AI score0.00212EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/19 6:41 a.m.22 views

CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

4.3CVSS0.00212EPSS
Exploits0References3
NVD
NVD
added 2024/01/11 3:15 p.m.40 views

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

6.5CVSS6.1AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 2:32 p.m.55 views

CVE-2023-6242

CVE-2023-6242 is a CSRF vulnerability in the EventON WordPress plugins (EventON and EventON Pro). The flaw arises from missing or incorrect nonce validation in evo_eventpost_update_meta, enabling unauthenticated attackers to forge requests to update arbitrary post metadata. It affects all version...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References4Affected Software2
CVE
CVE
added 2024/01/11 2:32 p.m.41 views

CVE-2023-6244

CVE-2023-6244 describes a Cross-Site Request Forgery in the EventON WordPress plugin (EventON Pro and EventON Lite). The flaw arises from missing or incorrect nonce validation in the save_virtual_event_settings function, allowing unauthenticated attackers to modify virtual event settings via forg...

6.5CVSS5.2AI score0.00253EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2024/01/11 2:32 p.m.43 views

CVE-2023-6244 EventON - WordPress Virtual Event Calendar Plugin <= 4.5.4 (Pro) & <= 2.2.8 (Free) - Cross-Site Request Forgery via save_virtual_event_settings

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

6.5CVSS6.3AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2024/01/10 2:32 p.m.45 views

CVE-2023-6158

CVE-2023-6158 (EventON WordPress Plugin) : The vulnerability arises from a missing capability check in evo_eventpost_update_meta, allowing unauthenticated attackers to update and remove arbitrary post metadata. Affected are EventON Pro (versions &lt;= 4.5.4) and EventON (free) (versions

6.5CVSS6.8AI score0.00566EPSS
Exploits0References3Affected Software2
Cvelist
Cvelist
added 2024/01/10 2:32 p.m.38 views

CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS6.8AI score0.00566EPSS
Exploits0References3
Rows per page
Query Builder