CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32614 – WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32614
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2. The EventON plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be u... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32160 – WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32160
04 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2. The EventON plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.3.2. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33940 – WordPress EventON plugin <= 2.2.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33940
30 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Ashan Jay EventON permite almacenar XSS. Este problema afecta a EventON: desde n/a hasta 2.2.14. The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i... • https://patchstack.com/database/vulnerability/eventon-lite/wordpress-eventon-plugin-2-2-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •