vulnerability once again

  • Resolved orbitbob

    (@orbitbob)


    1 year ago

    Once again, Patchstack is showing this plugin has known vulnerabilities:

    Known Vulnerabilities

    WordPress EventON – WordPress Virtual Event Calendar Plugin plugin <= 4.9.6 – Missing Authorization to Authenticated (Subscriber+) Stored Cross-Site Scripting vulnerability
    | View in Patchstack

    WordPress EventON <= 2.4.4 – Broken Access Control Vulnerability
    View in Patchstack

Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support ArtemSupport

    (@artemsupport)

    1 year ago

    Hello,

    Thank you for letting us know! @ashanjay will check this ASAP.

    Plugin Author Ashan Perera

    (@ashanjay)

    1 year ago

    Thank you my friend for letting us know. We are working on resolving this right away. EventON Main plugin issue has been resolved in 4.9.7 – We will get a fix for Lite ASAP.

    Plugin Author Ashan Perera

    (@ashanjay)

    1 year ago

    Just wanted to update you, we just released a new version 2.4.5 addressing this issue.

    caordawebsol

    (@caordawebsol)

    1 year ago

    Sorry but it is not fixed (or this is new):

    WordPress EventON plugin <= 4.9.9 – Broken Access Control vulnerability
    View in Patchstack

    Plugin Support ArtemSupport

    (@artemsupport)

    1 year ago

    @ashanjay will check this ASAP. Thank you!

    Plugin Author Ashan Perera

    (@ashanjay)

    1 year ago

    That is related to EventON Full version and we have released 4.9.8 from 4.9.7 to address that issue. We have also reached out to them to correct the version number on the report because 4.9.9 has not even released yet.

Viewing 6 replies - 1 through 6 (of 6 total)

The topic ‘vulnerability once again’ is closed to new replies.