Myeventon Eventon

18 CVEs affecting Myeventon Eventon. Latest disclosed: 2025-05-17. Critical: 0, High: 0.

Top CVEs affecting Myeventon Eventon
CVESeverityScorePublishedSummary
CVE-2023-6244Medium6.52024-01-11The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4…
CVE-2023-6242Medium6.52024-01-11The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4…
CVE-2023-6158Medium6.52024-01-10The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing…
CVE-2025-3527Medium6.42025-05-17The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings…
CVE-2023-7200Medium6.12024-01-29The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scr…
CVE-2024-0238Medium6.12024-01-16The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that…
CVE-2024-0233Medium6.12024-01-16The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in p…
CVE-2020-29395Medium6.12020-11-30The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.
CVE-2024-4752Medium5.92024-07-13The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform S…
CVE-2024-0237Medium5.32024-01-16The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated user…
CVE-2024-0236Medium5.32024-01-16The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to…
CVE-2024-0235Medium5.32024-01-16The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to…
CVE-2023-3219Medium5.32023-07-10The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unau…
CVE-2023-2796Medium5.32023-07-10The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to…
CVE-2024-6910Medium4.82024-09-09The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform C…
CVE-2023-6046Medium4.82024-01-16The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stor…
CVE-2023-6005Medium4.82024-01-16The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high priv…
CVE-2023-4388Medium4.82023-10-16The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stor…