Product
myeventon eventon
20 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
CVE-2025-3527
CVE-2023-6243
CVE-2024-6910
CVE-2024-4752
CVE-2023-7200
CVE-2024-0238
CVE-2024-0237
CVE-2024-0236
CVE-2024-0235
CVE-2024-0233
CVE-2023-6046
CVE-2023-6005
CVE-2023-6244
CVE-2023-6242
CVE-2023-6158
CVE-2023-4635
CVE-2023-4388
CVE-2023-3219
CVE-2023-2796
CVE-2020-29395
<= 4.9.6
The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the '
< 4.7
The EventON PRO - WordPress Virtual Event Calendar Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all
< 2.2.17
The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege use
< 2.2.15
The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege use
< 4.4.1
The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading
< 2.2.7
The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX acti
< 2.2.7
The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions,
< 2.2.7
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allo
< 2.2.7
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allo
< 2.2.7
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter b
< 2.2
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users
< 2.2.7
The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings
< 2.2.9
The EventON - WordPress Virtual Event Calendar Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
< 2.2.8
The EventON - WordPress Virtual Event Calendar Plugin for WordPress is vulnerable to Cross-Site Request Forgery in all vers
<= 2.2.7
The EventON - WordPress Virtual Event Calendar Plugin for WordPress is vulnerable to unauthorized modification of data and
<= 2.2.2
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and in
< 2.2
The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users
< 2.1.2
The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is
< 2.1.2
The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing
<= 3.0.5
The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.