CVE-2020-29395

MEDIUM NUCLEI

EventON < 3.0.5 - Cross-Site Scripting via Search Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-29395. PoCs published by B3KC4T. A Nuclei detection template is also available.

AI-analyzed exploit summary: This Python script demonstrates a reflected XSS vulnerability in WordPress Plugin EventON Calendar 3.0.5 by injecting a payload into the 'q' parameter of the addons page. It verifies the vulnerability by checking if the payload is reflected in the response.

Description

The EventON plugin through 3.0.5 for WordPress allows addons/?q= XSS via the search field.

Exploits (1)

exploitdb WORKING POC
by B3KC4T · python · webapps · php
https://www.exploit-db.com/exploits/49130

Classification: Working PoC 95%
Attack Type: XSS
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin EventON Calendar 3.0.5
No auth needed
Prerequisites: Target URL with vulnerable plugin installed
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026

Nuclei Templates (1)

Wordpress EventON Calendar 3.0.5 - Cross-Site Scripting
MEDIUM · by daffainfo
Shodan: http.html:/wp-content/plugins/eventon/ || http.html:/wp-content/plugins/eventon-lite/
FOFA: wp-content/plugins/eventon/ || body=/wp-content/plugins/eventon/ || body=/wp-content/plugins/eventon-lite/

References (3)

Core References
Vendor Advisory x_refsource_misc
https://www.myeventon.com/news/

Scores

CVSS v3 6.1
EPSS 0.1170
EPSS Percentile 95.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CWE
CWE-79
Status published
Products (1)
myeventon/eventon < 3.0.5
Published Nov 30, 2020
Tracked Since Feb 18, 2026