CVE-2020-29395

moderate-risk
Published 2020-11-30

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.

Do I need to act?

~
3.3% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
!
1 public exploit available
49130
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
6
CVSS 6.1/10 Medium
NETWORK / LOW complexity

Affected Products (1)

Affected Vendors

Myeventon

References (6)

Exploit http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cro...
Exploit https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
Vendor Advisory https://www.myeventon.com/news/
Exploit http://packetstormsecurity.com/files/160282/WordPress-EventON-Calendar-3.0.5-Cro...
Exploit https://github.com/mustgundogdu/Research/tree/main/EventON_PLUGIN_XSS
Vendor Advisory https://www.myeventon.com/news/
35
/ 100
moderate-risk
Severity 23/34 · High
Exploitability 7/34 · Low
Exposure 5/34 · Minimal