Myeventon Eventon
18 CVEs affecting Myeventon Eventon. Latest disclosed: 2025-05-17. Critical: 0, High: 0.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2023-6244 | Medium | 6.5 | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4… |
CVE-2023-6242 | Medium | 6.5 | 2024-01-11 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4… |
CVE-2023-6158 | Medium | 6.5 | 2024-01-10 | The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing… |
CVE-2025-3527 | Medium | 6.4 | 2025-05-17 | The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings… |
CVE-2023-7200 | Medium | 6.1 | 2024-01-29 | The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scr… |
CVE-2024-0238 | Medium | 6.1 | 2024-01-16 | The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that… |
CVE-2024-0233 | Medium | 6.1 | 2024-01-16 | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in p… |
CVE-2020-29395 | Medium | 6.1 | 2020-11-30 | The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field. |
CVE-2024-4752 | Medium | 5.9 | 2024-07-13 | The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform S… |
CVE-2024-0237 | Medium | 5.3 | 2024-01-16 | The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated user… |
CVE-2024-0236 | Medium | 5.3 | 2024-01-16 | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to… |
CVE-2024-0235 | Medium | 5.3 | 2024-01-16 | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to… |
CVE-2023-3219 | Medium | 5.3 | 2023-07-10 | The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unau… |
CVE-2023-2796 | Medium | 5.3 | 2023-07-10 | The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to… |
CVE-2024-6910 | Medium | 4.8 | 2024-09-09 | The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform C… |
CVE-2023-6046 | Medium | 4.8 | 2024-01-16 | The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stor… |
CVE-2023-6005 | Medium | 4.8 | 2024-01-16 | The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high priv… |
CVE-2023-4388 | Medium | 4.8 | 2023-10-16 | The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stor… |