cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2023-6243,https://securityvulnerability.io/vulnerability/CVE-2023-6243,Unauthenticated Attackers Can Trick Site Admins into Performing Action via Cross-Site Request Forgery,"The EventON PRO - WordPress Virtual Event Calendar Plugin contains a vulnerability that allows unauthenticated attackers to exploit the admin_test_email function due to inadequate nonce validation. This flaw could enable attackers to send test emails to any email address by tricking site administrators into clicking malicious links. The vulnerability affects all versions of the plugin up to and including version 4.6.8, making it critical for users to ensure their installations are updated to mitigate potential unauthorized actions.",Wordpress,Eventon Pro,4.3,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-19T06:41:59.957Z,0
CVE-2023-6242,https://securityvulnerability.io/vulnerability/CVE-2023-6242,Cross-Site Request Forgery in EventON WordPress Calendar Plugin,"The EventON plugin for WordPress exhibits a vulnerability due to insufficient nonce validation within the evo_eventpost_update_meta function. This security flaw allows unauthenticated attackers to potentially manipulate post metadata if they successfully deceive an administrator into executing a malicious request, such as clicking a crafted link. As a result, maintaining robust security protocols and updating to the latest patched versions is essential for all users of the EventON plugin to mitigate this risk.",Wordpress,"EventON,EventON Pro",4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-11T14:32:23.144Z,0
CVE-2023-6244,https://securityvulnerability.io/vulnerability/CVE-2023-6244,Cross-Site Request Forgery Vulnerability in EventON Virtual Event Calendar Plugin for WordPress,"The EventON - WordPress Virtual Event Calendar Plugin is susceptible to Cross-Site Request Forgery due to inadequate nonce validation within the save_virtual_event_settings function. This vulnerability allows unauthorized attackers to potentially alter virtual event settings by tricking an administrator into performing an action, such as clicking a malicious link. This issue affects all versions up to 4.5.4 (Pro) and 2.2.8 (Free), enabling attackers to exploit the flaw without needing authentication.",Wordpress,"EventON,EventON Pro",4.3,MEDIUM,0.0006500000017695129,false,,false,false,false,,false,false,2024-01-11T14:32:22.556Z,0
CVE-2023-6158,https://securityvulnerability.io/vulnerability/CVE-2023-6158,Unauthorized Data Modification in EventON Calendar Plugin for WordPress,"The EventON - WordPress Virtual Event Calendar Plugin exhibits a security flaw that permits unauthorized modification and potential loss of data. This vulnerability arises from a missing capability check in the 'evo_eventpost_update_meta' function, affecting all versions of the plugin up to and including 4.5.4 for Pro and 2.2.7 for free. Resultantly, unauthenticated attackers can manipulate arbitrary post metadata, which may lead to data corruption or content injection due to the absence of adequate input validation.",Wordpress,"EventON,EventON Pro",6.5,MEDIUM,0.0007900000200606883,false,,false,false,false,,false,false,2024-01-10T14:32:07.924Z,0