CVE-2025-7813 Event Manager, Events Calendar, Booking, Registrations and Tickets – Eventin <= 4.0.37 - Unauthenticated Server-Side Request Forgery

The Events Calendar, Event Booking, Registrations and Event Tickets – Eventin plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.37 via the proxyimage function. This makes it possible for unauthenticated attackers to make web requests to...

CVE-2025-49869 WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

Deserialization of Untrusted Data vulnerability in Arraytics Eventin wp-event-solution allows Object Injection.This issue affects Eventin: from n/a through = 4.0.31...

WordPress Eventin Plugin <= 4.0.31 - PHP Object Injection Vulnerability

PHP Object Injection Vulnerability discovered by Nguyen Ngoc Quang Bach maysbachs in WordPress Plugin Eventin versions = 4.0.31...

WordPress Eventin plugin <= 4.0.26 - Arbitrary File Download Vulnerability

Arbitrary File Download Vulnerability discovered by astra.r3verii in WordPress Plugin Eventin versions = 4.0.26...

WordPress Eventin Plugin <= 4.0.5 is vulnerable to Cross Site Scripting (XSS)

Software Eventin Type Plugin Vulnerable versions = 4.0.5 Fixed in 4.0.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39648 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 722abe293d5f Credits justakazh Required privilege Author Published ...

WordPress Eventin Plugin <= 3.3.50 is vulnerable to Broken Access Control

Software Eventin Type Plugin Vulnerable versions = 3.3.50 Fixed in 3.3.51 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1122 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID a2c7fec8c772 Credits Francesco Carlucci Required privileg...