cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6243,https://securityvulnerability.io/vulnerability/CVE-2023-6243,Unauthenticated Attackers Can Trick Site Admins into Performing Action via Cross-Site Request Forgery,"The EventON PRO - WordPress Virtual Event Calendar Plugin contains a vulnerability that allows unauthenticated attackers to exploit the admin_test_email function due to inadequate nonce validation. This flaw could enable attackers to send test emails to any email address by tricking site administrators into clicking malicious links. The vulnerability affects all versions of the plugin up to and including version 4.6.8, making it critical for users to ensure their installations are updated to mitigate potential unauthorized actions.",Wordpress,Eventon Pro,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-19T06:41:59.957Z,0
CVE-2024-6910,https://securityvulnerability.io/vulnerability/CVE-2024-6910,Cross-Site Scripting (XSS) Vulnerability in EventON WordPress Plugin,"The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.",Wordpress,Eventon,4.8,MEDIUM,0.00044999999227002263,false,,false,false,true,true,false,false,2024-09-09T06:00:02.015Z,0
CVE-2024-4752,https://securityvulnerability.io/vulnerability/CVE-2024-4752,Unfiltered HTML Setting Vulnerability in EventON WordPress Plugin,"The EventON WordPress plugin before 2.2.15 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,Eventon,,,0.0004299999854993075,false,,false,false,true,true,false,false,2024-07-13T06:00:06.657Z,0
CVE-2023-7200,https://securityvulnerability.io/vulnerability/CVE-2023-7200,EventON < 4.4.1 - Reflected Cross-Site Scripting,"The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,EventON,6.1,MEDIUM,0.0005300000193528831,false,,false,false,true,true,false,false,2024-01-29T14:44:26.854Z,0
CVE-2023-7170,https://securityvulnerability.io/vulnerability/CVE-2023-7170,EventON-RSVP < 2.9.5 - Reflected XSS,"The EventON-RSVP WordPress plugin before 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,EventON-RSVP,6.1,MEDIUM,0.000539999979082495,false,,false,false,true,true,false,false,2024-01-22T19:14:23.385Z,0
CVE-2024-0238,https://securityvulnerability.io/vulnerability/CVE-2024-0238,"EventON (Free < 2.2.8, Premium < 4.5.6) - Unauthenticated Arbitrary Post Metadata Update","The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata.",Wordpress,"EventON Premium,EventON",6.1,MEDIUM,0.0005499999970197678,false,,false,false,true,true,false,false,2024-01-16T15:57:05.090Z,0
CVE-2024-0235,https://securityvulnerability.io/vulnerability/CVE-2024-0235,"EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Email Address Disclosure","The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog",Wordpress,EventON,5.3,MEDIUM,0.008580000139772892,false,,false,false,true,true,false,false,2024-01-16T15:57:04.379Z,0
CVE-2024-0233,https://securityvulnerability.io/vulnerability/CVE-2024-0233,"EventON (Free < 2.2.8, Premium < 4.5.5) - Reflected XSS","The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin",Wordpress,EventON,6.1,MEDIUM,0.0005000000237487257,false,,false,false,true,true,false,false,2024-01-16T15:57:02.175Z,0
CVE-2023-6005,https://securityvulnerability.io/vulnerability/CVE-2023-6005,"EventON (Free < 2.2.7, Premium < 4.5.5) - Admin+ Stored Cross-Site Scripting","The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).",Wordpress,EventON,4.8,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-16T15:57:01.802Z,0
CVE-2024-0236,https://securityvulnerability.io/vulnerability/CVE-2024-0236,"EventON (Free < 2.2.8, Premium < 4.5.5) - Unauthenticated Virtual Event Password Disclosure","The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom)",Wordpress,EventON,5.3,MEDIUM,0.0005499999970197678,false,,false,false,true,true,false,false,2024-01-16T15:57:00.337Z,0
CVE-2024-0237,https://securityvulnerability.io/vulnerability/CVE-2024-0237,"EventON (Free < 2.2.9, Premium <= 4.5.8) - Unauthenticated Virtual Event Settings Update","The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc",Wordpress,"EventON Premium,EventON",5.3,MEDIUM,0.0005499999970197678,false,,false,false,true,true,false,false,2024-01-16T15:56:59.963Z,0
CVE-2023-6046,https://securityvulnerability.io/vulnerability/CVE-2023-6046,EventON < 2.2 - Admin+ Stored HTML Injection,"The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.",Wordpress,EventON,4.8,MEDIUM,0.0005200000014156103,false,,false,false,true,true,false,false,2024-01-16T15:54:15.535Z,0
CVE-2023-6242,https://securityvulnerability.io/vulnerability/CVE-2023-6242,Cross-Site Request Forgery in EventON WordPress Calendar Plugin,"The EventON plugin for WordPress exhibits a vulnerability due to insufficient nonce validation within the evo_eventpost_update_meta function. This security flaw allows unauthenticated attackers to potentially manipulate post metadata if they successfully deceive an administrator into executing a malicious request, such as clicking a crafted link. As a result, maintaining robust security protocols and updating to the latest patched versions is essential for all users of the EventON plugin to mitigate this risk.",Wordpress,"EventON,EventON Pro",4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-11T14:32:23.144Z,0
CVE-2023-6244,https://securityvulnerability.io/vulnerability/CVE-2023-6244,Cross-Site Request Forgery Vulnerability in EventON Virtual Event Calendar Plugin for WordPress,"The EventON - WordPress Virtual Event Calendar Plugin is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the save_virtual_event_settings function. This vulnerability allows unauthorized attackers to potentially alter virtual event settings by tricking an administrator into performing an action, such as clicking a malicious link. This issue affects all versions up to 4.5.4 (Pro) and 2.2.8 (Free), enabling attackers to exploit the flaw without needing authentication.",Wordpress,"EventON,EventON Pro",4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-11T14:32:22.556Z,0
CVE-2023-6158,https://securityvulnerability.io/vulnerability/CVE-2023-6158,Unauthorized Data Modification in EventON Calendar Plugin for WordPress,"The EventON - WordPress Virtual Event Calendar Plugin exhibits a security flaw that permits unauthorized modification and potential loss of data. This vulnerability arises from a missing capability check in the 'evo_eventpost_update_meta' function, affecting all versions of the plugin up to and including 4.5.4 for Pro and 2.2.7 for free. Resultantly, unauthenticated attackers can manipulate arbitrary post metadata, which may lead to data corruption or content injection due to the absence of adequate input validation.",Wordpress,"EventON,EventON Pro",6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,false,false,2024-01-10T14:32:07.924Z,0
CVE-2023-4635,https://securityvulnerability.io/vulnerability/CVE-2023-4635,Reflected Cross-Site Scripting Vulnerability in EventON Plugin for WordPress,"The EventON plugin for WordPress is susceptible to reflected cross-site scripting (XSS) attacks due to inadequate input sanitization and output escaping in the 'tab' parameter. This vulnerability enables unauthenticated attackers to inject arbitrary web scripts into web pages. If a user is deceived into clicking a malicious link, the injected scripts can execute within their browser. This not only compromises user data but also poses significant risks to the website's integrity.",Wordpress,EventON,6.1,MEDIUM,0.0015200000489130616,false,,false,false,false,,false,false,2023-10-21T08:15:00.000Z,0
CVE-2023-4388,https://securityvulnerability.io/vulnerability/CVE-2023-4388,EventON < 2.2 - Admin+ Stored XSS,"The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)",Wordpress,EventON,4.8,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2023-10-16T20:15:00.000Z,0
CVE-2023-2796,https://securityvulnerability.io/vulnerability/CVE-2023-2796,EventON < 2.1.2 - Unauthenticated Event Access,"The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.",Wordpress,Eventon,5.3,MEDIUM,0.02978000044822693,false,,false,false,false,,false,false,2023-07-10T16:15:00.000Z,0
CVE-2023-3219,https://securityvulnerability.io/vulnerability/CVE-2023-3219,EventON < 2.1.2 - Unauthenticated Post Access via IDOR,"The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.",Wordpress,Eventon,5.3,MEDIUM,0.07171999663114548,false,,false,false,false,,false,false,2023-07-10T16:15:00.000Z,0
CVE-2020-29395,https://securityvulnerability.io/vulnerability/CVE-2020-29395,,The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.,Wordpress,Eventon,6.1,MEDIUM,0.07968000322580338,false,,false,false,false,,false,false,2020-11-30T19:05:03.000Z,0