Lucene search
K
ThemewinterEventin

16 matches found

CVE
CVE
added 2025/05/23 12:43 p.m.234 views

CVE-2025-47539

The CVE concerns the WordPress Eventin plugin (versions up to 4.0.26) with an unauthenticated privilege-escalation in a REST API endpoint. The underlying issue is a missing permission check in import_items(), allowing attackers to import users with arbitrary roles (including administrator) and po...

9.8CVSS7.4AI score0.3092EPSS
In wild
CVE
CVE
added 2025/05/08 5:22 a.m.91 views

CVE-2025-3419

CVE-2025-3419 affects the WordPress plugin family “Event Manager, Events Calendar, Tickets, Registrations – Eventin” (

7.5CVSS7.3AI score0.00609EPSS
Web
CVE
CVE
added 2025/04/16 12:44 p.m.85 views

CVE-2025-39584

CVE-2025-39584 corresponds to a WordPress Eventin vulnerability: an Authenticated Local File Inclusion via an improper filename control in the PHP include/require flow. Affected software is Eventin versions up to and including 4.0.25. The root cause is described as improper control of the filenam...

7.5CVSS7.2AI score0.00786EPSS
CVE
CVE
added 2024/12/31 10:2 a.m.74 views

CVE-2024-56213

WordPress Plugin Eventin vulnerable to Path Traversal (pattern '.../...//') in versions n/a–4.0.7, enabling local file access. Root cause: path traversal in Eventin handled via Contributor+ LFI. Affected product: Themewinter Eventin WordPress plugin (

8.8CVSS7.2AI score0.00555EPSS
CVE
CVE
added 2025/03/20 5:22 a.m.71 views

CVE-2025-1770

CVE-2025-1770 : Local File Inclusion in WordPress plugin “Eventin” (Event Manager, Events Calendar, Tickets, Registrations) up to version 4.0.24 via the style parameter. Exploitation requires authenticated access at Contributor level or higher and can lead to arbitrary file inclusion and executio...

8.8CVSS8.9AI score0.00781EPSS
CVE
CVE
added 2025/03/20 5:22 a.m.68 views

CVE-2025-1766

CVE-2025-1766 affects the WordPress plugin Eventin (Event Manager/Events Calendar/Tickets/Registrations) up to version 4.0.24. Root cause: missing capability check in the payment_complete function allows unauthenticated modification of data, enabling an attacker to set ticket payments to 'complet...

5.3CVSS5.3AI score0.00343EPSS
CVE
CVE
added 2025/02/25 2:17 p.m.68 views

CVE-2025-26964

CVE-2025-26964 affects WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The vulnerability is an authenticated Local File Inclusion (LFI) caused by improper filename control in PHP include/require, allowing an authorized attacker to influence included files. Affec...

8.8CVSS7.2AI score0.007EPSS
CVE
CVE
added 2024/08/01 9:56 p.m.66 views

CVE-2024-39648

CVE-2024-39648 is a stored XSS flaw in the Themewinter Eventin WordPress plugin. Public sources indicate vulnerability in Eventin versions n/a–4.0.5, with Patchstack noting a fix in 4.0.6. Providers (NVD/Red Hat/Wordfence) describe the flaw as improper input neutralization during web page generat...

5.9CVSS5.7AI score0.00294EPSS
CVE
CVE
added 2024/12/09 11:30 a.m.63 views

CVE-2023-49756

CVE-2023-49756 refers to WordPress Eventin plugin

8.8CVSS7.3AI score0.00575EPSS
CVE
CVE
added 2025/05/14 11:37 a.m.62 views

CVE-2025-47445

The CVE-2025-47445 issue affects WordPress plugin Eventin (Themewinter) up to version 4.0.26. A path traversal vulnerability caused by relative path manipulation allows arbitrary file downloads from the server, enabling potential information disclosure. The publicly documented affected range is E...

9.8CVSS5.9AI score0.0465EPSS
CVE
CVE
added 2024/07/17 6:45 a.m.58 views

CVE-2024-6033

CVE-2024-6033 concerns WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The advisory states a missing capability check on the import_file function across all versions up to and including 4.0.4, enabling authenticated attackers with Contributor-level access and ab...

4.3CVSS4.7AI score0.00362EPSS
CVE
CVE
added 2024/09/27 1:52 p.m.58 views

CVE-2024-7149

CVE-2024-7149 — The Event Manager/Events Calendar/Tickets/Registrations – Eventin WordPress plugin (

8.8CVSS8.9AI score0.01025EPSS
CVE
CVE
added 2024/07/21 7:21 a.m.53 views

CVE-2024-37507

CVE-2024-37507 is a stored XSS in the Themewinter Eventin WordPress plugin, affecting Eventin versions up to 3.3.57. Root cause: Improper neutralization of input during web page generation. Exploitation requires authentication; impact is stored XSS on affected pages. Remediation: update to a fixe...

6.5CVSS6.5AI score0.00277EPSS
CVE
CVE
added 2024/02/09 4:31 a.m.51 views

CVE-2024-1122

The WordPress plugin set for Eventin (Event Manager, Events Calendar, Events Tickets for WooCommerce) is vulnerable to Broken Access Control due to a missing capability check in the export_data() function. All versions up to and including 3.3.50 allow unauthenticated attackers to export event dat...

5.3CVSS6AI score0.00471EPSS
CVE
CVE
added 2025/08/08 6:26 p.m.39 views

CVE-2025-4796

The Eventin WordPress plugin (

8.8CVSS7AI score0.00564EPSS
Web
CVE
CVE
added 2025/06/27 11:52 a.m.23 views

CVE-2025-49321

CVE-2025-49321 is a Cross-Site Scripting vulnerability in WordPress plugin Eventin (affected: 4.0.28 and earlier). The issue is described as improper input neutralization during web page generation, enabling a Reflected XSS attack. Exploitation details are not provided in the core description, bu...

7.1CVSS5.9AI score0.00223EPSS