Lucene search
K

6 matches found

NVD
NVD
added 2024/10/19 7:15 a.m.15 views

CVE-2023-6243

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

4.3CVSS0.00212EPSS
Exploits0References3
CVE
CVE
added 2024/10/19 6:41 a.m.58 views

CVE-2023-6243

The CVE-2023-6243 entry concerns EventON Pro (WordPress) up to version 4.6.8, with a Cross-Site Request Forgery (CSRF) flaw in the admin_test_email function caused by missing or improper nonce validation. This can allow unauthenticated attackers to trigger test emails to arbitrary addresses by tr...

4.3CVSS4.8AI score0.00212EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2024/10/19 6:41 a.m.22 views

CVE-2023-6243 EventON PRO - WordPress Virtual Event Calendar Plugin <= 4.6.8 - Cross-Site Request Forgery via admin_test_email

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admintestemail function. This makes it possible for unauthenticated...

4.3CVSS0.00212EPSS
Exploits0References3
NVD
NVD
added 2024/01/11 3:15 p.m.40 views

CVE-2023-6244

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 Pro & 2.2.8 Free. This is due to missing or incorrect nonce validation on the savevirtualeventsettings function. This makes it possibl...

6.5CVSS6.1AI score0.00253EPSS
Exploits0References3
CVE
CVE
added 2024/01/11 2:32 p.m.53 views

CVE-2023-6242

CVE-2023-6242 is a CSRF vulnerability in the EventON WordPress plugins (EventON and EventON Pro). The flaw arises from missing or incorrect nonce validation in evo_eventpost_update_meta, enabling unauthenticated attackers to forge requests to update arbitrary post metadata. It affects all version...

6.5CVSS5.3AI score0.00259EPSS
Exploits0References4Affected Software2
Cvelist
Cvelist
added 2024/01/10 2:32 p.m.38 views

CVE-2023-6158 EventON - WordPress Virtual Event Calendar Plugin Pro <= 4.5.4 & Free <= 2.2.7 - Missing Authorization to Arbitrary Post Meta Update via evo_eventpost_update_meta

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evoeventpostupdatemeta function in all versions up to, and including, 4.5.4 for Pro and 2.2.7 for free. This make...

6.5CVSS6.8AI score0.00566EPSS
Exploits0References3
Rows per page
Query Builder