409390

Security vulnerability in EventON Pro 5.0.11 — CVE-2026-9711 (SQL Injection)

Hi EventON team,

Our server security scanner (Plesk) flagged a high-severity vulnerability in EventON Pro that affects our installation.

Details:
- Plugin: EventON (Pro) — WordPress Virtual Event Calendar
- Affected versions: <= 5.0.11
- CVE: CVE-2026-9711
- Type: Unauthenticated Blind SQL Injection via the search parameter
- Severity: High
- Sources: Patchstack, Wordfence (published 29–30 June 2026)

We are currently running an affected version. Could you let us know:

1. Whether a patched version is already available, and if so, which version number resolves this CVE?
2. If no fix is released yet, the expected timeline for a patch?
3. Any recommended mitigation we can apply in the meantime while a fix is pending?

We'd appreciate a quick response given the severity and the fact that the vulnerability is unauthenticated.

Thanks in advance.

Kind regards

BY: Stefan Frans - Jun 30,2026 AT 4:39AM - 15 minutes ago