203 matches found
CVE-2026-4109
The CVE concerns the WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) for WordPress. Affected: all versions up to and including 4.1.8. Vulnerability: improper capability check in get_item_permissions_check() allows authenticated attackers with Subscrib...
CVE-2026-4109
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...
CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...
WordPress Eventin - Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability
Events Calendar, Event Booking, Ticket & Registration AI Powered plugin = 4.1.8 Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP Event SOlution versions = 4.1.8...
WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-32605
The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get item permissions check function in all versions up to, and including, 4.1.8. This makes it possible for...
📄 WordPress Eventin 4.0.34 Account Takeover
A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...
Exploit for Incorrect Privilege Assignment in Themewinter Eventin
CVE-2025-47539 Exploit Overview This repository contains a...
WordPress Eventin plugin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion vulnerability
Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Eventin versions = 4.0.8...
CVE-2025-68047
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...
CVE-2025-68047
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...
CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...
CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...
CVE-2025-68047
Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.1...
CVE-2025-68047
CVE-2025-68047 affects the WordPress plugin Eventin (WP Event Manager) with versions up to and including 4.1.1. The issue is a deserialization of untrusted data leading to PHP object injection, reported as an authenticated vulnerability (Contributor+ access). Public references in Wordfence Intell...
WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability
PHP Object Injection vulnerability discovered by w41bu1 in WordPress Plugin Eventin versions = 4.1.3...
WordPress plugin Eventin: Code-related vulnerabilities
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...
PT-2026-4071
Name of the Vulnerable Software and Affected Versions Arraytics Eventin versions through 4.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...
CVE-2023-49756
Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through = 3.3.52...
CVE-2024-39648
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5...