
4 matches found

GithubExploit
added 2025/10/31 10:39 a.m., 168 views

Exploit for Authorization Bypass Through User-Controlled Key in Themewinter Eventin

CVE-2025-4796 eventin and update the speaker email to an emai...

CVSS 8.8, AI score 7.1, EPSS 0.00158
Exploits: 3
Circl
added 2025/08/10 9:1 a.m., 13 views

CVE-2025-4796

| creationtimestamp | type | source |
|---|---|---|
| 2025-08-10 09:01:36+00:00 | seen | https://bsky.app/profile/offseq.bsky.social/post/3lvzwax54dm2d |
| 2025-10-25 21:00:05+00:00 | published-proof-of-concept | Telegram/CIibF5krEqXHuHs5TqPPIuQ0aPwRPsmd2xxsRxQT1IxhBk |
| 2025-11-01 04:31:23+00:00 | ... |

CVSS 8.8, AI score 5.7, EPSS 0.00158
Exploits: 3, References: 1
Patchstack
added 2025/08/08 10:25 p.m., 12 views

WordPress Eventin plugin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover vulnerability

Authenticated Contributor+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by István Márton in WordPress Plugin Eventin versions <= 4.0.34...

CVSS 8.8, AI score 4.6, EPSS 0.00158
Exploits: 3, References: 1, Affected Software: 1
Cvelist
added 2025/08/08 6:26 p.m., 14 views

CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...

CVSS 8.8, EPSS 0.00158
Exploits: 3, References: 3