myeventon CVE Vulnerabilities & Metrics

Focus on myeventon vulnerabilities and metrics.

Last updated: 08 Mar 2025, 23:25 UTC

About myeventon Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with myeventon. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

Global CVE Overview

Total myeventon CVEs: 18
Earliest CVE date: 30 Nov 2020, 20:15 UTC
Latest CVE date: 19 Oct 2024, 07:15 UTC

Latest CVE reference: CVE-2023-6243

Rolling Stats

30-day Count (Rolling): 0
365-day Count (Rolling): 2

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): -86.67%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): -86.67%

[Charts not reproduced: Monthly CVE Trends (current vs previous year); Annual CVE Trends (last 20 years); Critical myeventon CVEs (CVSS ≥ 9) over 20 years]

CVSS Stats

Average CVSS: 0.24

Max CVSS: 4.3

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range Count
0.0-3.9 17
4.0-6.9 1
7.0-8.9 0
9.0-10.0 0

[Chart not reproduced: CVSS distribution]

Top 5 Highest CVSS myeventon CVEs

These are the five CVEs with the highest CVSS scores for myeventon, sorted by severity first, then by recency.

All CVEs for myeventon

CVE-2023-6243 myeventon vulnerability CVSS: 0 19 Oct 2024, 07:15 UTC

The EventON PRO - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.6.8. This is due to missing or incorrect nonce validation on the admin_test_email function. This makes it possible for unauthenticated attackers to send test emails to arbitrary email addresses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2024-6910 myeventon vulnerability CVSS: 0 09 Sep 2024, 06:15 UTC

The EventON WordPress plugin before 2.2.17 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed.

CVE-2023-7200 myeventon vulnerability CVSS: 0 29 Jan 2024, 15:15 UTC

The EventON WordPress plugin before 4.4.1 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2024-0238 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON Premium WordPress plugin before 4.5.6 and the EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and do not ensure that the post to be updated belongs to the plugin, allowing unauthenticated users to update arbitrary post metadata.

CVE-2024-0237 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin through 4.5.8, EventON WordPress plugin before 2.2.7 do not have authorisation in some AJAX actions, allowing unauthenticated users to update virtual events settings, such as meeting URL, moderator, access details etc.

CVE-2024-0236 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve the settings of arbitrary virtual events, including any meeting password set (for example for Zoom).

CVE-2024-0235 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not have authorisation in an AJAX action, allowing unauthenticated users to retrieve email addresses of any users on the blog.

CVE-2024-0233 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not properly sanitise and escape a parameter before outputting it back in pages, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

CVE-2023-6046 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored HTML Injection attacks even when the unfiltered_html capability is disallowed.

CVE-2023-6005 myeventon vulnerability CVSS: 0 16 Jan 2024, 16:15 UTC

The EventON WordPress plugin before 4.5.5, EventON WordPress plugin before 2.2.7 do not sanitize and escape some of their settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-6244 myeventon vulnerability CVSS: 0 11 Jan 2024, 15:15 UTC

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-6242 myeventon vulnerability CVSS: 0 11 Jan 2024, 15:15 UTC

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (for Pro) & 2.2.7 (for Free). This is due to missing or incorrect nonce validation on the evo_eventpost_update_meta function. This makes it possible for unauthenticated attackers to update arbitrary post metadata via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.

CVE-2023-6158 myeventon vulnerability CVSS: 0 10 Jan 2024, 15:15 UTC

The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection.

CVE-2023-4635 myeventon vulnerability CVSS: 0 21 Oct 2023, 08:15 UTC

The EventON plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in versions up to, and including, 2.2.2 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user into performing an action such as clicking on a link.

CVE-2023-4388 myeventon vulnerability CVSS: 0 16 Oct 2023, 20:15 UTC

The EventON WordPress plugin before 2.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).

CVE-2023-3219 myeventon vulnerability CVSS: 0 10 Jul 2023, 16:15 UTC

The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post.

CVE-2023-2796 myeventon vulnerability CVSS: 0 10 Jul 2023, 16:15 UTC

The EventON WordPress plugin before 2.1.2 lacks authentication and authorization in its eventon_ics_download ajax action, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id.

CVE-2020-29395 myeventon vulnerability CVSS: 4.3 30 Nov 2020, 20:15 UTC

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.