Really Simple Security logo

Log out
Get PRO

Latest

Access violation vulnerability in EventON 2.2.7

  • Severity: medium-risk
  • Status: Open
  • Publication: January 9, 2024

A popular plugin called EventON – WordPress Virtual Event Calendar Plugin has a security flaw that could allow hackers to change or delete important information without permission. This vulnerability affects versions 4.5.4 and below for the paid version, and 2.2.7 and below for the free version. This means that people who are not logged in or verified can access and alter data on the plugin. It’s also possible for them to add their own content. This issue has been given the name CVE-2024-0238.

Detected in:

EventON fixed vulnerable versions: >= * <= 4.5.4
EventON – Events Calendar fixed vulnerable versions:
EventON (Pro) - WordPress Virtual Event Calendar Plugin fixed vulnerable versions:
EventON Pro fixed vulnerable versions:
EventON - WordPress Virtual Event Calendar Plugin open vulnerable versions: >= * <= 0

This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!

Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:

> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21

  • Incorrect?

Is this information incorrect? Please leave us a message.