Hi EventON team,
Our server security scanner (Plesk) flagged a high-severity vulnerability in EventON Pro that affects our installation.
Details:
- Plugin: EventON (Pro) — WordPress Virtual Event Calendar
- Affected versions: <= 5.0.11
- CVE: CVE-2026-9711
- Type: Unauthenticated Blind SQL Injection via the search parameter
- Severity: High
- Sources: Patchstack, Wordfence (published 29–30 June 2026)
We are currently running an affected version. Could you let us know:
1. Whether a patched version is already available, and if so, which version number resolves this CVE?
2. If no fix is released yet, the expected timeline for a patch?
3. Any recommended mitigation we can apply in the meantime while a fix is pending?
We'd appreciate a quick response given the severity and the fact that the vulnerability is unauthenticated. Thanks in advance.
Kind regards