X
395170

Vulnerability found in EventON Plugin <= 4.9.9 due to Broken Access Control

We are using Event On plugin v4.9.12 and have been notified of the vulnerability:

Per Patchstack: Broken Access Control
A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action.

Risks
This vulnerability is moderately dangerous and expected to become exploited.

Please see more info at Patchstack website: https://patchstack.com/database/wordpress/plugin/eventon/vulnerability/wordpress-eventon-plugin-4-9-9-broken-access-control-vulnerability-2?_a_id=473

BY: Quetzal Arellano - Aug 29,2025 AT 12:11PM - 16 hours ago
You must login to reply to this ticket

HelpDesk

Welcome to EventON helpdesk.

EventON is the #1 Best selling event calendar plugin for WordPress websites in envato marketplace.

Checkout EventON

ActionUser Plus Addon

Earn revenue when your customers submit events

EventON ActionUser Plus addon can help you to charge your customers for event submissions using its cool level-based submission forms.

Learn More

Ticketing Addon Bundle

Our complete ticket addons suite for less

EventON Ticketing bundle can help your calendar be the best ticket system with its 4 amazing feature-rich addons.

Learn More

Yearly View Addon

All New Yearly View Addon for EventON

Show all your events from an entire year all in one place using yearly view addon for eventON.

Learn More

Suppota v2025.5.30 / Product of AJDE