Vulnerability reported by WordFence

  • The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.

    This has just turned up on my WordFence.

    Cause for concern?

    The page I need help with: [log in to see the link]

Viewing 8 replies - 1 through 8 (of 8 total)
  • Plugin Support ArtemSupport

    (@artemsupport)

    Hello,
    I am going to contact Ashan about this. He’ll get back to you ASAP.

    Thread Starter martal

    (@martal)

    Any update on this, Artem?

    Plugin Support ArtemSupport

    (@artemsupport)

    No updates on this topic, I am afraid.

    Plugin Author Ashan Perera

    (@ashanjay)

    Sorry for the delay. Is there anyway to get a more details on where exactly these security errors are coming from?

    Thread Starter martal

    (@martal)

    The critical warning was from Wordfence.

    The link in my original post is still valid.

    I was going to post a screenshot but I uninstalled EventOn Lite. I didn’t touch the database.

    I’ve reinstalled it. Original events and settings are still there.

    But no warning from Wordfence as yet.

    Thread Starter martal

    (@martal)

    The Wordfence warning has turned up again.It’s scan indicates that Eventon Lite has a security vulnerability.

    Then this link is included —
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29395

    I am now going to uninstall the plugin again.

    Plugin Support ArtemSupport

    (@artemsupport)

    Ashan will check this ASAP.
    @ashanjay Could you take a look?

    Plugin Author Ashan Perera

    (@ashanjay)

    I also installed the same plugin on our end and got the same warning but it doesnt say where exactly its coming from. If we can tell where this is coming from exactly then we can find a fix.

    We will keep an eye on any security issues we will find.

Viewing 8 replies - 1 through 8 (of 8 total)
  • The topic ‘Vulnerability reported by WordFence’ is closed to new replies.