cleantalk
Vulnerabilities and Security Researches

EventON, CVE-2024-0238

CVE, Research URL

CVE-2024-0238

Home page URL

Security reports for EventON

Application

EventON

Published on
Jan 16, 2024
Research Description
The EventON Premium WordPress plugin before 4.5.6, EventON WordPress plugin before 2.2.8 do not have authorisation in an AJAX action, and does not ensure that the post to be updated belong to the plugin, allowing unauthenticated users to update arbitrary post metadata.
Affected versions
Min -, max 2.2.8.
Status
vulnerable
Previous vulnerability researches
EventON (CVE-2024-0233) , Jun 07, 2024
EventON (CVE-2023-6242) , Jun 07, 2024
EventON (CVE-2023-4635) , Jun 07, 2024
EventON (CVE-2023-6244) , Jun 07, 2024
EventON (CVE-2023-6158) , Jun 07, 2024
New vulnerability
Question Answer (CVE-2025-32646) , Apr 18, 2025
PropertyHive (CVE-2025-39577) , Apr 18, 2025
WP-BusinessDirectory – Business directory plugin for WordPress (CVE-2025-32630) , Apr 18, 2025
WordPress WP-Advanced-Search (CVE-2025-39538) , Apr 18, 2025
Most And Least Read Posts Widget (CVE-2025-39549) , Apr 18, 2025