The EventON - WordPress Virtual Event Calendar Plugin...
Moderate severity
Unreviewed
Published
Jan 10, 2024
to the GitHub Advisory Database
•
Updated Jan 17, 2024
Description
Published by the National Vulnerability Database
Jan 10, 2024
Published to the GitHub Advisory Database
Jan 10, 2024
Last updated
Jan 17, 2024
The EventON - WordPress Virtual Event Calendar Plugin plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the evo_eventpost_update_meta function in all versions up to, and including, 4.5.4 (for Pro) and 2.2.7 (for free). This makes it possible for unauthenticated attackers to update and remove arbitrary post metadata. Note that certain parameters may allow for content injection.
References