2 matches found
WordPress Eventin plugin <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings' vulnerability
Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'postsettings' vulnerability discovered by Sarawut Poolkhet MisterHelloz in WordPress Plugin Eventin versions = 4.0.51...
CVE-2025-14657 Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered) <= 4.0.51 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting via 'post_settings'
The Eventin – Event Manager, Events Calendar, Event Tickets and Registrations plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'postsettings' function in all versions up to, and including, 4.0.51. This makes it possible for...