Myeventon

Eventon

19 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.04%
  • Published 17.05.2025 11:17:16
  • Last modified 04.06.2025 20:10:33

The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. This makes it possible for authentica...

Exploit
  • EPSS 0.26%
  • Published 09.09.2024 06:15:02
  • Last modified 07.10.2024 17:45:17

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

Exploit
  • EPSS 0.11%
  • Published 13.07.2024 06:15:03
  • Last modified 15.05.2025 18:16:30

The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (...

  • EPSS 0.69%
  • Published 09.07.2024 08:15:11
  • Last modified 21.11.2024 09:49:07

The EventON plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'eventon_import_settings' ajax action in all versions up to, and including, 2.2.15. This makes it possible for unauthenticate...

Exploit
  • EPSS 0.33%
  • Published 29.01.2024 15:15:09
  • Last modified 02.06.2025 19:15:24

The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • EPSS 0.28%
  • Published 16.01.2024 16:15:14
  • Last modified 20.06.2025 18:15:24

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privileg...

  • EPSS 0.73%
  • Published 16.01.2024 16:15:14
  • Last modified 02.06.2025 15:15:26

The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbit...

  • EPSS 0.29%
  • Published 16.01.2024 16:15:14
  • Last modified 02.06.2025 15:15:26

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc.

  • EPSS 0.47%
  • Published 16.01.2024 16:15:14
  • Last modified 20.06.2025 18:15:25

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for...

  • EPSS 86.51%
  • Published 16.01.2024 16:15:14
  • Last modified 20.06.2025 18:15:24

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.