From KINSTA – with similar notices today 5/2/25 from WORDFENCE and ITHEMES SECURITY. I realize that the version is wrong, but many of your customers are getting these notices and I think you will damage to your business if you do not sort it out. I see the 4.9.8 update, but these notices remain coming to us multiple times per day.

https://www.cve.org/CVERecord?id=CVE-2025-47564

https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/eventon/eventon-pro-499-missing-authorization

https://wpscan.com/vulnerability/f9875de7-fa56-4c2c-8a5f-f0f4991ee784/

https://patchstack.com/database/wordpress/plugin/eventon/vulnerability/wordpress-eventon-plugin-4-9-9-broken-access-control-vulnerability?_s_id=cve

We are writing to you today to notify you about a security vulnerability discovered in the EventON (Pro) plugin. We detected the plugin on one or more of your websites

You can ignore this message if you have already updated EventON (Pro) to the latest version or have it set to update automatically.

The plugin has a vulnerability that makes it possible for unauthenticated visitors to perform unspecified unauthorized actions.