Vulmon
Recent Vulnerabilities
Product List
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
myeventon vulnerabilities and exploits
(subscribe to this query)
4.8
CVSSv3
CVE-2023-6005
The EventON WordPress plugin prior to 4.5.5, EventON WordPress plugin prior to 2.2.7 does not sanitize and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is ...
Myeventon Eventon
4.8
CVSSv3
CVE-2023-6046
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.
Myeventon Eventon
4.8
CVSSv3
CVE-2023-4388
The EventON WordPress plugin prior to 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)
Myeventon Eventon
5.3
CVSSv3
CVE-2023-2796
The EventON WordPress plugin prior to 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.
Myeventon Eventon
1 Github repository
6.1
CVSSv3
CVE-2023-7200
The EventON WordPress plugin prior to 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Myeventon Eventon
6.1
CVSSv3
CVE-2023-4635
The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated malicious users to inj...
Myeventon Eventon-lite
6.1
CVSSv3
CVE-2023-7170
The EventON-RSVP WordPress plugin prior to 2.9.5 does not sanitise and escape some parameters before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
Myeventon Rsvp Events
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
buffer overflow
type confusion
server-side request forgery
CVE-2024-38440
CVE-2024-27801
CVE-2024-5868
CVE-2024-0582
CVE-2024-37643
CVE-2024-3105
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2