WordPress EventON Lite< 2.2.9 - Unauthenticated Virtual Event Settings Update vulnerability

Unauthenticated Virtual Event Settings Update vulnerability discovered by Erwan LR WPScan in WordPress Plugin EventON versions 2.2.9...

CVE-2024-0237 EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc...

WordPress plugin EventON security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers.WordPress plugin is an application...

PT-2024-14911 · WordPress · Eventon

Name of the Vulnerable Software and Affected Versions: The EventON - WordPress Virtual Event Calendar Plugin versions up to, and including, 4.5.4 Pro and 2.2.8 Free Description: The issue is related to Cross-Site Request Forgery due to missing or incorrect nonce validation on the save virtual eve...