CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2025-48116 – WordPress EventON <= 2.4.4 - Broken Access Control Vulnerability
https://notcve.org/view.php?id=CVE-2025-48116
16 May 2025 — Missing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4. The EventON – Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to perform an unauthorized action. • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-2-4-4-broken-access-control-vulnerability?_s_id=cve • CWE-862: Missing Authorization •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-47494 – WordPress EventON <= 2.4.1 - Local File Inclusion Vulnerability
https://notcve.org/view.php?id=CVE-2025-47494
07 May 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.4.1. The EventON plugin for WordPress is vulnerable to Local File Inclusion via the evo_block_render_callback() function in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary fi... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-2-4-1-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 10.0EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32614 – WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32614
09 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON allows PHP Local File Inclusion. This issue affects EventON: from n/a through 2.3.2. The EventON plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.4. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be u... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability-2?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-32160 – WordPress EventON plugin <= 2.3.2 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-32160
04 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Ashan Perera EventON. This issue affects EventON: from n/a through 2.3.2. The EventON plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and including, 2.4.1. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. Thi... • https://patchstack.com/database/wordpress/plugin/eventon-lite/vulnerability/wordpress-eventon-plugin-2-3-2-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-33940 – WordPress EventON plugin <= 2.2.14 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-33940
30 Apr 2024 — Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Ashan Jay EventON allows Stored XSS.This issue affects EventON: from n/a through 2.2.14. La vulnerabilidad de neutralización inadecuada de la entrada durante la generación de páginas web ('cross-site Scripting') en Ashan Jay EventON permite almacenar XSS. Este problema afecta a EventON: desde n/a hasta 2.2.14. The EventON plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings i... • https://patchstack.com/database/vulnerability/eventon-lite/wordpress-eventon-plugin-2-2-14-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •