cleantalk
Vulnerabilities and Security Researches

EventON, CVE-2023-6244

CVE, Research URL

CVE-2023-6244

Home page URL

Security reports for EventON

Application

EventON

Published on
Jan 11, 2024
Research Description
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.5.4 (Pro) & 2.2.8 (Free). This is due to missing or incorrect nonce validation on the save_virtual_event_settings function. This makes it possible for unauthenticated attackers to modify virtual event settings via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
Affected versions
Min -, max 2.2.9.
Status
vulnerable
Previous vulnerability researches
EventON (CVE-2024-0233) , Jun 07, 2024
EventON (CVE-2023-6242) , Jun 07, 2024
EventON (CVE-2023-4635) , Jun 07, 2024
EventON (CVE-2023-6244) , Jun 07, 2024
EventON (CVE-2023-6158) , Jun 07, 2024
New vulnerability
WPAdverts – Classifieds Plugin (CVE-2025-39576) , Apr 18, 2025
Checkout Files Upload for WooCommerce (CVE-2025-39520) , Apr 18, 2025
Password Protected – Ultimate Plugin to Password Protect Your WordPress Content with Ease (CVE-2025-3453) , Apr 18, 2025
Site Search 360 (CVE-2025-39530) , Apr 17, 2025
Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders (CVE-2025-39589) , Apr 17, 2025