Lucene search
K

203 matches found

Patchstack
Patchstack
added 2025/08/08 10:25 p.m.15 views

WordPress Eventin plugin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover vulnerability

Authenticated Contributor+ Privilege Escalation via User Email Change/Account Takeover vulnerability discovered by István Márton in WordPress Plugin Eventin versions = 4.0.34...

8.8CVSS4.6AI score0.00564EPSS
Exploits3References1Affected Software1
OSV
OSV
added 2025/08/08 7:15 p.m.5 views

CVE-2025-4796

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...

8.8CVSS5.9AI score0.00564EPSS
Exploits3References3
NVD
NVD
added 2025/08/08 7:15 p.m.45 views

CVE-2025-4796

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...

8.8CVSS0.00564EPSS
Exploits3References3
CVE
CVE
added 2025/08/08 6:26 p.m.39 views

CVE-2025-4796

The Eventin WordPress plugin (

8.8CVSS7AI score0.00564EPSS
Exploits3References3Affected Software1
Cvelist
Cvelist
added 2025/08/08 6:26 p.m.48 views

CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...

8.8CVSS0.00564EPSS
Exploits3References3
Vulnrichment
Vulnrichment
added 2025/08/08 6:26 p.m.11 views

CVE-2025-4796 Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the...

8.8CVSS7.3AI score0.00564EPSS
Exploits3References3
Positive Technologies
Positive Technologies
added 2025/08/08 12:0 a.m.13 views

PT-2025-32390 · WordPress · Eventin

Name of the Vulnerable Software and Affected Versions: Eventin versions through 4.0.34 Description: The Eventin plugin for WordPress is susceptible to privilege escalation, potentially leading to account takeover. This occurs because the plugin does not adequately validate a user’s identity or...

8.8CVSS6.9AI score0.00564EPSS
Exploits3References8
CNNVD
CNNVD
added 2025/08/08 12:0 a.m.11 views

WordPress plugin Eventin 安全漏洞

WordPress Eventin plugin is an event management plugin designed for WordPress that supports event creation, registration, ticketing and calendar synchronization for offline, online and mixed event management. An elevation of privilege vulnerability exists in WordPress Eventin plugin, which stems...

8.8CVSS7AI score0.00564EPSS
Exploits3References4
RedhatCVE
RedhatCVE
added 2025/06/29 12:6 p.m.17 views

CVE-2025-49321

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
OSV
OSV
added 2025/06/27 12:15 p.m.4 views

CVE-2025-49321

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28...

6.1CVSS5.8AI score0.00223EPSS
Exploits0References1
NVD
NVD
added 2025/06/27 12:15 p.m.5 views

CVE-2025-49321

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...

7.1CVSS0.00223EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/27 11:52 a.m.11 views

CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...

7.1CVSS0.00223EPSS
Exploits0References1
CVE
CVE
added 2025/06/27 11:52 a.m.23 views

CVE-2025-49321

CVE-2025-49321 is a Cross-Site Scripting vulnerability in WordPress plugin Eventin (affected: 4.0.28 and earlier). The issue is described as improper input neutralization during web page generation, enabling a Reflected XSS attack. Exploitation details are not provided in the core description, bu...

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1Affected Software1
Vulnrichment
Vulnrichment
added 2025/06/27 11:52 a.m.3 views

CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through = 4.0.28...

7.1CVSS5.2AI score0.00223EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/06/27 12:0 a.m.4 views

WordPress plugin Eventin 跨站脚本漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site scripting...

7.1CVSS5.9AI score0.00223EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/06/27 12:0 a.m.6 views

PT-2025-27107 · Arraytics · Arraytics Eventin

Name of the Vulnerable Software and Affected Versions: Arraytics Eventin versions through 4.0.28 Description: The issue is related to Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting, which allows Reflected XSS. Recommendations: For versions through...

7.1CVSS6.8AI score0.00223EPSS
Exploits0References5
GithubExploit
GithubExploit
added 2025/06/05 6:44 p.m.243 views

Exploit for External Control of File Name or Path in Themewinter Eventin

CVE-2025-3419 - WordPress Eventin = 4.0.26 - Arbitrary File R...

7.5CVSS7.1AI score0.00609EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/25 1:19 p.m.17 views

CVE-2025-47539

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS7.4AI score0.3092EPSS
Exploits4References1
OSV
OSV
added 2025/05/23 1:15 p.m.4 views

CVE-2025-47539

Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26...

9.8CVSS5.8AI score0.3092EPSS
Exploits4References1
NVD
NVD
added 2025/05/23 1:15 p.m.19 views

CVE-2025-47539

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through = 4.0.26...

9.8CVSS0.3092EPSS
Exploits4References1
Rows per page
Query Builder