Skip to main content

Eventon Pro Wordpress Virtual Event Calendar Plugin

1 CVEs product

Monthly

CVE-2026-9711 CRITICAL Act Now

Unauthenticated SQL injection in the EventON WordPress Virtual Event Calendar plugin (versions through 5.0.11) lets remote attackers inject arbitrary SQL through the 'search' parameter, enabling extraction of database contents such as user credentials and secrets. Exploitation is gated by the non-default 'Enable additional search queries' setting being enabled and the presence of at least one published event. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis.

WordPress SQLi Eventon Pro Wordpress Virtual Event Calendar Plugin
NVD VulDB
CVSS 3.1
9.8
EPSS
0.4%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Unauthenticated SQL injection in the EventON WordPress Virtual Event Calendar plugin (versions through 5.0.11) lets remote attackers inject arbitrary SQL through the 'search' parameter, enabling extraction of database contents such as user credentials and secrets. Exploitation is gated by the non-default 'Enable additional search queries' setting being enabled and the presence of at least one published event. Reported by Wordfence with a CVSS of 9.8; no public exploit identified at time of analysis.

WordPress SQLi Eventon Pro Wordpress Virtual Event Calendar Plugin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy