Virsec Security Research Lab

CVE-2020-29395 XSS in WordPress plugin EventON

Virsec Security Research Lab Vulnerability Analysis

The Virsec Security Research Lab provides timely, relevant analysis about recent and notable security vulnerabilities.

1.1 Vulnerability Summary

The EventON plugin for WordPress, through version 3.0.5, allows XSS via the search field (the q parameter of addons/?q=).

CVE-2020-29395
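As an added illustration (not EventON's own code, which this advisory does not show), the pattern behind a search-field XSS and its WordPress-idiomatic fix: the handler names, the stand-in helper functions and the constructed request are assumptions made for the example.

```php
<?php
// Added example for CVE-2020-29395's bug class: a search term from the q query
// parameter reaching the page without output escaping. Both handlers are hypothetical.

// Stand-ins so the file runs outside WordPress; inside a plugin the real
// esc_attr() / esc_html() / sanitize_text_field() are used instead (approximations).
if (!function_exists('esc_attr')) {
    function esc_attr($s) { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('esc_html')) {
    function esc_html($s) { return htmlspecialchars($s, ENT_QUOTES | ENT_HTML5, 'UTF-8'); }
}
if (!function_exists('sanitize_text_field')) {
    function sanitize_text_field($s) { return trim(strip_tags($s)); }
}

// Vulnerable pattern: q is echoed raw, both into an attribute and into text.
function render_search_vulnerable(array $get): string {
    $q = $get['q'] ?? '';
    return '<input type="text" name="q" value="' . $q . '">'
         . '<p>Results for ' . $q . '</p>';
}

// Hardened pattern: escape at output, for the exact context the value lands in.
// Input sanitization is hygiene only; the fix is the per-context output escaping.
function render_search_fixed(array $get): string {
    $q = sanitize_text_field($get['q'] ?? '');
    return '<input type="text" name="q" value="' . esc_attr($q) . '">'
         . '<p>Results for ' . esc_html($q) . '</p>';
}

// Constructed request for a quick self-check (not a payload from the advisory):
// the quote and angle bracket would break out of the value="" attribute.
$sample = ['q' => '"><i>probe</i>'];
echo render_search_vulnerable($sample), "\n";   // attribute is broken open, markup is live
echo render_search_fixed($sample), "\n";        // &quot;&gt;probe stays inert text
```

The second line of output is what a fixed handler should produce: the search term is still shown, but it can no longer leave the attribute or text context it was placed in.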


1.2 CVSS Score

The CVSS base score of this vulnerability is 6.1 (Medium): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N


1.3 Affected Version

EventON plugin through 3.0.5

1.4 Vulnerability Attribution

This vulnerability was disclosed by the vendor itself.

1.5 Risk Impact

WordPress is a free and open-source content management system written in PHP and paired with a MySQL or MariaDB database. Features include a plugin architecture and a template system.

WordPress is used by more than 60 million websites,[5] including 33.6% of the top 10 million websites as of April 2019,[6][7] and is one of the most popular content management system solutions in use.[8] WordPress has also been used for other application domains such as pervasive display systems (PDS).[9]

This vulnerability can be used by an attacker to compromise the browsers of all end users who visit the affected page, which can in turn be abused for DDoS. A public exploit is available.


1.6 Virsec Security Platform (VSP) Support:

The Virsec Security Platform (VSP)-Web can detect all types of XSS injection attacks and prevents this vulnerability from being exploited.
