Lucene search
K

203 matches found

Cvelist
Cvelist
added 2025/05/23 12:43 p.m.52 views

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS0.3092EPSS
Exploits4References1
Vulnrichment
Vulnrichment
added 2025/05/23 12:43 p.m.16 views

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS7.4AI score0.3092EPSS
Exploits4References1
EUVD
EUVD
added 2025/05/23 12:43 p.m.14 views

EUVD-2025-28094

Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...

9.8CVSS6.5AI score0.3092EPSS
Exploits4References1
CVE
CVE
added 2025/05/23 12:43 p.m.235 views

CVE-2025-47539

The CVE concerns the WordPress Eventin plugin (versions up to 4.0.26) with an unauthenticated privilege-escalation in a REST API endpoint. The underlying issue is a missing permission check in import_items(), allowing attackers to import users with arbitrary roles (including administrator) and po...

9.8CVSS7.4AI score0.3092EPSS
In wildExploits4References1Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 7:59 a.m.7 views

CVE-2024-6033

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...

4.3CVSS6.5AI score0.00362EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:43 a.m.7 views

CVE-2024-37507

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...

6.5CVSS6.8AI score0.00277EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:55 a.m.15 views

CVE-2024-56213

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.7...

8.8CVSS7.2AI score0.00555EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/05/23 12:0 a.m.14 views

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS9AI score0.3092EPSS
Exploits4References2
Packet Storm News
Packet Storm News
added 2025/05/19 12:0 a.m.13 views

WordPress Eventin 4.0.26 Privilege Escalation

WordPress Eventin plugin versions 4.0.26 and below suffers from an unauthenticated privilege escalation vulnerability due to a missing authorization check in the importitems function...

9.8CVSS7.1AI score0.3092EPSS
Exploits4
RedhatCVE
RedhatCVE
added 2025/05/16 12:9 p.m.13 views

CVE-2025-47445

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS5.9AI score0.0465EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/16 12:0 a.m.14 views

PT-2025-21653 · WordPress · Wordpress Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.26 Description: A critical privilege escalation flaw has been discovered in the Eventin WordPress plugin, allowing unauthenticated attackers to gain full admin access without the need for a login. This issue...

9.8CVSS9.7AI score0.3092EPSS
Exploits4References15
NVD
NVD
added 2025/05/14 12:15 p.m.27 views

CVE-2025-47445

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS0.0465EPSS
Exploits1References1
OSV
OSV
added 2025/05/14 12:15 p.m.4 views

CVE-2025-47445

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26...

9.8CVSS5.8AI score0.0465EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/05/14 11:37 a.m.15 views

CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...

7.5CVSS5.9AI score0.0465EPSS
Exploits1References1
CVE
CVE
added 2025/05/14 11:37 a.m.64 views

CVE-2025-47445

The CVE-2025-47445 issue affects WordPress plugin Eventin (Themewinter) up to version 4.0.26. A path traversal vulnerability caused by relative path manipulation allows arbitrary file downloads from the server, enabling potential information disclosure. The publicly documented affected range is E...

9.8CVSS5.9AI score0.0465EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2025/05/14 11:37 a.m.128 views

CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...

7.5CVSS0.0465EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2025/05/14 12:0 a.m.4 views

PT-2025-21149

Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.26 Description: The issue affects Themewinter Eventin, allowing Relative Path Traversal. This enables Path Traversal, which can be exploited. Recommendations: For versions n/a through 4.0.26, update to a versi...

9.8CVSS7.5AI score0.0465EPSS
Exploits1References9
CNNVD
CNNVD
added 2025/05/14 12:0 a.m.26 views

WordPress plugin Eventin 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

9.8CVSS7.3AI score0.0465EPSS
Exploits1References2
Patchstack
Patchstack
added 2025/05/08 12:3 p.m.9 views

WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Eventin versions = 4.0.26...

9.8CVSS6.7AI score0.0465EPSS
Exploits1Affected Software1
OSV
OSV
added 2025/05/08 6:15 a.m.4 views

CVE-2025-3419

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

7.5CVSS7.3AI score0.00609EPSS
Exploits1References2
Rows per page
Query Builder