203 matches found
CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...
CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...
EUVD-2025-28094
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...
CVE-2025-47539
The CVE concerns the WordPress Eventin plugin (versions up to 4.0.26) with an unauthenticated privilege-escalation in a REST API endpoint. The underlying issue is a missing permission check in import_items(), allowing attackers to import users with arbitrary roles (including administrator) and po...
CVE-2024-6033
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'importfile' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers,...
CVE-2024-37507
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57...
CVE-2024-56213
Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.7...
WordPress plugin Eventin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Eventin 4.0.26 Privilege Escalation
WordPress Eventin plugin versions 4.0.26 and below suffers from an unauthenticated privilege escalation vulnerability due to a missing authorization check in the importitems function...
CVE-2025-47445
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...
PT-2025-21653 · WordPress · Wordpress Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.26 Description: A critical privilege escalation flaw has been discovered in the Eventin WordPress plugin, allowing unauthenticated attackers to gain full admin access without the need for a login. This issue...
CVE-2025-47445
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...
CVE-2025-47445
Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26...
CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...
CVE-2025-47445
The CVE-2025-47445 issue affects WordPress plugin Eventin (Themewinter) up to version 4.0.26. A path traversal vulnerability caused by relative path manipulation allows arbitrary file downloads from the server, enabling potential information disclosure. The publicly documented affected range is E...
CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability
Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through = 4.0.26...
PT-2025-21149
Name of the Vulnerable Software and Affected Versions: Eventin versions n/a through 4.0.26 Description: The issue affects Themewinter Eventin, allowing Relative Path Traversal. This enables Path Traversal, which can be exploited. Recommendations: For versions n/a through 4.0.26, update to a versi...
WordPress plugin Eventin 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...
WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability
Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Eventin versions = 4.0.26...
CVE-2025-3419
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxyimage function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...