Myeventon

Eventon

19 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
4.8

CVE-2023-6046

Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.01.2024 16:15:13
  • Zuletzt bearbeitet 13.06.2025 20:15:22

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.

4.8

CVE-2023-6005

Exploit
  • EPSS 0.2%
  • Veröffentlicht 16.01.2024 16:15:13
  • Zuletzt bearbeitet 20.06.2025 18:15:24

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfi...

4.3

CVE-2023-6244

  • EPSS 0.11%
  • Veröffentlicht 11.01.2024 15:15:08
  • Zuletzt bearbeitet 03.06.2025 14:15:37

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_...

4.3

CVE-2023-6242

  • EPSS 0.11%
  • Veröffentlicht 11.01.2024 15:15:08
  • Zuletzt bearbeitet 03.06.2025 14:15:37

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on t...

6.5

CVE-2023-6158

  • EPSS 0.15%
  • Veröffentlicht 10.01.2024 15:15:10
  • Zuletzt bearbeitet 03.06.2025 15:15:50

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and incl...

4.8

CVE-2023-4388

Exploit
  • EPSS 0.08%
  • Veröffentlicht 16.10.2023 20:15:15
  • Zuletzt bearbeitet 23.04.2025 17:16:44

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for...

5.3

CVE-2023-3219

Exploit
  • EPSS 74.71%
  • Veröffentlicht 10.07.2023 16:15:55
  • Zuletzt bearbeitet 21.11.2024 08:16:43

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content ...

5.3

CVE-2023-2796

Exploit
  • EPSS 76.33%
  • Veröffentlicht 10.07.2023 16:15:51
  • Zuletzt bearbeitet 21.11.2024 07:59:18

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.

6.1

CVE-2020-29395

Exploit
  • EPSS 3.28%
  • Veröffentlicht 30.11.2020 20:15:11
  • Zuletzt bearbeitet 21.11.2024 05:23:59

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.