203 matches found
WordPress Eventin plugin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover vulnerability
Authenticated Contributor+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by István Márton in WordPress Plugin Eventin versions = 4.0.34...
CVE-2025-4796
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...
CVE-2025-4796
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...
CVE-2025-4796
The Eventin WordPress plugin (
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...
CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover
The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...
PT-2025-32390 · WordPress · Eventin
Name of the Vulnerable Software and Affected Versions: Eventin versions through 4.0.34 Description: The Eventin plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the plugin does not adequately validate a user’s identity or...
WordPress plugin Eventin 安全漏洞
WordPress Eventin plugin is an event management plugin designed for WordPress that supports event creation, registration, ticketing and calendar synchronization for offline, online and mixed event management. An elevation of privilege vulnerability exists in WordPress Eventin plugin, which stems...
CVE-2025-49321
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...
CVE-2025-49321
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28...
CVE-2025-49321
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...
CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...
CVE-2025-49321
CVE-2025-49321 is a Cross-Site Scripting vulnerability in WordPress plugin Eventin (affected: 4.0.28 and earlier). The issue is described as improper input neutralization during web page generation, enabling a Reflected XSS attack. Exploitation details are not provided in the core description, bu...
CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...
WordPress plugin Eventin 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...
PT-2025-27107 · Arraytics · Arraytics Eventin
Name of the Vulnerable Software and Affected Versions: Arraytics Eventin versions through 4.0.28 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions through...
Exploit for External Control of File Name or Path in Themewinter Eventin
CVE-2025-3419 - WordPress Eventin = 4.0.26 - Arbitrary File R...
CVE-2025-47539
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...
CVE-2025-47539
Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...
CVE-2025-47539
Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...