EventON: Malicious Code Can Be Injected into Web Pages

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

7.1

EventON: Malicious Code Can Be Injected into Web Pages

CVE-2026-28037

Summary

The EventON plugin has a security flaw that allows hackers to inject malicious code into EventON web pages. This can happen when users click on a link or submit a form with malicious data. To fix this, update to version 4.9.12 or later to prevent this type of attack.

Original title

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ashanjay EventON eventon allows Reflected XSS.This issue affects EventON: from n/a through <= 4...

Original description

nvd CVSS3.1 7.1

Vulnerability type

CWE-79 Cross-site Scripting (XSS)

https://patchstack.com/database/Wordpress/Plugin/eventon/vulnerability/wordpress...

Published: 5 Mar 2026 · Updated: 13 Mar 2026 · First seen: 6 Mar 2026