Lucene search
K

203 matches found

CVE
CVE
added 2026/04/14 7:43 a.m.16 views

CVE-2026-4109

The CVE concerns the WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) for WordPress. Affected: all versions up to and including 4.1.8. Vulnerability: improper capability check in get_item_permissions_check() allows authenticated attackers with Subscrib...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/14 7:43 a.m.1 views

CVE-2026-4109

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/04/14 7:43 a.m.2 views

CVE-2026-4109 Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the getitempermissionscheck function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Patchstack
Patchstack
added 2026/04/14 3:41 a.m.6 views

WordPress Eventin - Events Calendar, Event Booking, Ticket & Registration (AI Powered) plugin <= 4.1.8 Missing Authorization to Authenticated (Subscriber+) Order Information Exposure vulnerability

Events Calendar, Event Booking, Ticket & Registration AI Powered plugin = 4.1.8 Missing Authorization to Authenticated Subscriber+ Order Information Exposure vulnerability discovered by Supakiad S. m3ez - E-CQURITY Thailand in WordPress Plugin WP Event SOlution versions = 4.1.8...

4.3CVSS5.8AI score0.00179EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/04/14 12:0 a.m.6 views

WordPress plugin Eventin – Events Calendar, Event Booking, Ticket & Registration 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/04/14 12:0 a.m.6 views

PT-2026-32605

The Eventin – Events Calendar, Event Booking, Ticket & Registration AI Powered plugin for WordPress is vulnerable to unauthorized access of data due to a improper capability check on the get item permissions check function in all versions up to, and including, 4.1.8. This makes it possible for...

4.3CVSS5.9AI score0.00179EPSS
Exploits0References3
Packet Storm
Packet Storm
added 2026/03/02 12:0 a.m.156 views

📄 WordPress Eventin 4.0.34 Account Takeover

A critical vulnerability exists in the Speaker Management component of the target where an authenticated attacker can intercept the speaker update process and change any speaker's registered email address without proper authorization. This flaw allows the attacker to hijack arbitrary accounts by...

8.8CVSS6.1AI score0.00564EPSS
Exploits3
GithubExploit
GithubExploit
added 2026/02/23 10:3 p.m.167 views

Exploit for Incorrect Privilege Assignment in Themewinter Eventin

CVE-2025-47539 Exploit Overview This repository contains a...

9.8CVSS8.9AI score0.3092EPSS
Exploits4
Patchstack
Patchstack
added 2026/02/02 8:35 a.m.4 views

WordPress Eventin plugin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion vulnerability

Authenticated Contributor+ Local File Inclusion vulnerability discovered by stealthcopter in WordPress Plugin Eventin versions = 4.0.8...

8.8CVSS5.3AI score0.01025EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/01/23 9:15 p.m.6 views

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

8.8CVSS5.9AI score0.00468EPSS
Exploits0References1
NVD
NVD
added 2026/01/22 5:16 p.m.5 views

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

8.8CVSS0.00468EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/22 4:52 p.m.4 views

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

8.8CVSS5.2AI score0.00468EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/01/22 4:52 p.m.19 views

CVE-2025-68047 WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.3...

8.8CVSS0.00468EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/22 4:52 p.m.5 views

CVE-2025-68047

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.1.1...

8.8CVSS5.3AI score0.00468EPSS
Exploits0References2
CVE
CVE
added 2026/01/22 4:52 p.m.14 views

CVE-2025-68047

CVE-2025-68047 affects the WordPress plugin Eventin (WP Event Manager) with versions up to and including 4.1.1. The issue is a deserialization of untrusted data leading to PHP object injection, reported as an authenticated vulnerability (Contributor+ access). Public references in Wordfence Intell...

8.8CVSS5.9AI score0.00468EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/01/22 11:24 a.m.7 views

WordPress Eventin plugin <= 4.1.3 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by w41bu1 in WordPress Plugin Eventin versions = 4.1.3...

8.8CVSS5.5AI score0.00468EPSS
Exploits0Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.9 views

WordPress plugin Eventin: Code-related vulnerabilities

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There we...

8.8CVSS5.9AI score0.00468EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/01/22 12:0 a.m.9 views

PT-2026-4071

Name of the Vulnerable Software and Affected Versions Arraytics Eventin versions through 4.1.1 Description The software contains a flaw due to deserialization of untrusted data, which allows for object injection. This could potentially allow an attacker to compromise the system. Recommendations...

5.4AI score0.00468EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/01/09 9:28 a.m.9 views

CVE-2023-49756

Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through = 3.3.52...

8.8CVSS7.3AI score0.00575EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/09 9:3 a.m.8 views

CVE-2024-39648

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5...

5.9CVSS6.8AI score0.00294EPSS
Exploits0References1
Rows per page
Query Builder