WordPress Plugin Vulnerabilities

EventON (Pro) <= 4.9.9 - Missing Authorization

Description

The EventON (Pro) - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 4.9.9. This makes it possible for unauthenticated attackers to perform an unauthorized action.

Affects Plugins

Plugin icon
eventON
No known fix

References

CVE
CVE-2025-47564
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/c0163382-9b53-4c74-b9bd-c3baa14faee1

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Nguyễn Trung Kiên
Verified
No
WPVDB ID
f9875de7-fa56-4c2c-8a5f-f0f4991ee784

Timeline

Publicly Published
2025-05-16 (about 10 months ago)
Added
2025-05-20 (about 10 months ago)
Last Updated
2025-05-20 (about 10 months ago)

Other

Published
Title
Published
2025-08-26
Title
Parallax Section block < 2.0.0 - Missing Authorization
Published
2025-05-16
Title
Acerola <= 1.6.5 - Missing Authorization
Published
2024-04-05
Title
Church Admin < 4.1.7 - Missing Authorization
Published
2025-10-13
Title
ChatBot < 7.7.4 - Missing Authorization
Published
2022-01-17
Title
WP Ultimate CSV Importer < 6.4.2 - Subscriber+ Arbitrary Option Deletion