21 matches found

Cvelist
added 2025/08/23 5:48 a.m., 5 views

CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

7.2 CVSS, 0.00214 EPSS
Exploits 0, References 4

Vulnrichment
added 2025/08/14 10:34 a.m., 1 views

CVE-2025-49869 WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection. This issue affects Eventin: from n/a through <= 4.0.31...

8.8 CVSS, 5.9 AI score, 0.00176 EPSS
Exploits 0, References 1

Patchstack
added 2025/08/13 12:30 p.m., 3 views

WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Eventin versions <= 4.0.31...

8.8 CVSS, 7 AI score, 0.00176 EPSS
Exploits 0, Affected Software 1

Cvelist
added 2025/06/27 11:52 a.m., 8 views

CVE-2025-49321 WordPress Eventin plugin <= 4.0.28 - Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS. This issue affects Eventin: from n/a through <= 4.0.28...

7.1 CVSS, 0.00167 EPSS
Exploits 0, References 1

CVE
added 2025/06/27 11:52 a.m., 14 views

CVE-2025-49321

CVE-2025-49321 is a Cross-Site Scripting vulnerability in WordPress plugin Eventin (affected: 4.0.28 and earlier). The issue is described as improper input neutralization during web page generation, enabling a Reflected XSS attack. Exploitation details are not provided in the core description, bu...

7.1 CVSS, 5.9 AI score, 0.00167 EPSS
Exploits 0, References 1, Affected Software 1

Vulnrichment
added 2025/05/23 12:43 p.m., 15 views

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <= 4.0.26...

9.8 CVSS, 7.4 AI score, 0.27898 EPSS
Exploits 4, References 1

Cvelist
added 2025/05/23 12:43 p.m., 28 views

CVE-2025-47539 WordPress Eventin plugin <= 4.0.26 - Privilege Escalation Vulnerability

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation. This issue affects Eventin: from n/a through <= 4.0.26...

9.8 CVSS, 0.27898 EPSS
Exploits 4, References 1

Packet Storm News
added 2025/05/19 12:0 a.m., 9 views

WordPress Eventin 4.0.26 Privilege Escalation

WordPress Eventin plugin versions 4.0.26 and below suffer from an unauthenticated privilege escalation vulnerability due to a missing authorization check in the importitems function...

9.8 CVSS, 7.1 AI score, 0.27898 EPSS
Exploits 4

Cvelist
added 2025/05/14 11:37 a.m., 107 views

CVE-2025-47445 WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.26...

7.5 CVSS, 0.06972 EPSS
Exploits 1, References 1

Patchstack
added 2025/05/08 12:3 p.m., 5 views

WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Eventin versions <= 4.0.26...

9.8 CVSS, 6.7 AI score, 0.06972 EPSS
Exploits 1, Affected Software 1

Vulnrichment
added 2025/04/16 12:44 p.m., 11 views

CVE-2025-39584 WordPress Eventin <= 4.0.25 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25...

7.5 CVSS, 7.4 AI score, 0.01185 EPSS
Exploits 0, References 1

CVE
added 2025/04/16 12:44 p.m., 69 views

CVE-2025-39584

CVE-2025-39584 corresponds to a WordPress Eventin vulnerability: an Authenticated Local File Inclusion via an improper filename control in the PHP include/require flow. Affected software is Eventin versions up to and including 4.0.25. The root cause is described as improper control of the filenam...

7.5 CVSS, 7.2 AI score, 0.01185 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2025/04/16 12:44 p.m., 17 views

CVE-2025-39584 WordPress Eventin plugin <= 4.0.25 - Local File Inclusion Vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion. This issue affects Eventin: from n/a through <= 4.0.25...

7.5 CVSS, 0.01185 EPSS
Exploits 0, References 1

Cvelist
added 2025/02/25 2:17 p.m., 10 views

CVE-2025-26964 WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion. This issue affects Eventin: from n/a through <= 4.0.20...

7.5 CVSS, 0.00852 EPSS
Exploits 0, References 1

Vulnrichment
added 2025/02/25 2:17 p.m., 10 views

CVE-2025-26964 WordPress Eventin plugin <= 4.0.20 - Local File Inclusion vulnerability

Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion. This issue affects Eventin: from n/a through <= 4.0.20...

7.5 CVSS, 8.7 AI score, 0.00852 EPSS
Exploits 0, References 1

Vulnrichment
added 2024/12/31 10:2 a.m., 9 views

CVE-2024-56213 WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.7...

6.5 CVSS, 8.6 AI score, 0.00805 EPSS
Exploits 0, References 1

CVE
added 2024/12/31 10:2 a.m., 59 views

CVE-2024-56213

WordPress Plugin Eventin vulnerable to Path Traversal (pattern '.../...//') in versions n/a–4.0.7, enabling local file access. Root cause: path traversal in Eventin handled via Contributor+ LFI. Affected product: Themewinter Eventin WordPress plugin (

8.8 CVSS, 7.2 AI score, 0.00805 EPSS
Exploits 0, References 1, Affected Software 1

Cvelist
added 2024/12/31 10:2 a.m., 16 views

CVE-2024-56213 WordPress Eventin plugin <= 4.0.7 - Contributor+ Limited Local File Inclusion vulnerability

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal. This issue affects Eventin: from n/a through <= 4.0.7...

6.5 CVSS, 0.00805 EPSS
Exploits 0, References 1

Cvelist
added 2024/12/09 11:30 a.m., 13 views

CVE-2023-49756 WordPress Eventin plugin <= 3.3.52 - Authenticated Notice Dismissal Vulnerability

Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through <= 3.3.52...

5.4 CVSS, 0.0027 EPSS
Exploits 0, References 1

Patchstack
added 2024/08/01 12:0 a.m., 10 views

WordPress Eventin Plugin <= 4.0.5 is vulnerable to Cross Site Scripting (XSS)

Software: Eventin. Type: Plugin. Vulnerable versions: <= 4.0.5. Fixed in: 4.0.6. OWASP Top 10: A3: Injection. Classification: Cross Site Scripting (XSS). CVE: CVE-2024-39648. Patch priority: Low. CVSS severity: Low (5.9). PSID: 722abe293d5f. Credits: justakazh. Required privilege: Author. Published ...

5.9 CVSS, 6.6 AI score, 0.00208 EPSS
Exploits 0, References 2, Affected Software 1