16 matches found
CVE-2025-47539
The CVE concerns the WordPress Eventin plugin (versions up to 4.0.26) with an unauthenticated privilege-escalation in a REST API endpoint. The underlying issue is a missing permission check in import_items(), allowing attackers to import users with arbitrary roles (including administrator) and po...
CVE-2025-3419
CVE-2025-3419 affects the WordPress plugin family “Event Manager, Events Calendar, Tickets, Registrations – Eventin” (
CVE-2025-39584
CVE-2025-39584 corresponds to a WordPress Eventin vulnerability: an Authenticated Local File Inclusion via an improper filename control in the PHP include/require flow. Affected software is Eventin versions up to and including 4.0.25. The root cause is described as improper control of the filenam...
CVE-2024-56213
WordPress Plugin Eventin vulnerable to Path Traversal (pattern '.../...//') in versions n/a–4.0.7, enabling local file access. Root cause: path traversal in Eventin handled via Contributor+ LFI. Affected product: Themewinter Eventin WordPress plugin (
CVE-2025-1770
CVE-2025-1770 : Local File Inclusion in WordPress plugin “Eventin” (Event Manager, Events Calendar, Tickets, Registrations) up to version 4.0.24 via the style parameter. Exploitation requires authenticated access at Contributor level or higher and can lead to arbitrary file inclusion and executio...
CVE-2025-1766
CVE-2025-1766 affects the WordPress plugin Eventin (Event Manager/Events Calendar/Tickets/Registrations) up to version 4.0.24. Root cause: missing capability check in the payment_complete function allows unauthenticated modification of data, enabling an attacker to set ticket payments to 'complet...
CVE-2025-26964
CVE-2025-26964 affects WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The vulnerability is an authenticated Local File Inclusion (LFI) caused by improper filename control in PHP include/require, allowing an authorized attacker to influence included files. Affec...
CVE-2024-39648
CVE-2024-39648 is a stored XSS flaw in the Themewinter Eventin WordPress plugin. Public sources indicate vulnerability in Eventin versions n/a–4.0.5, with Patchstack noting a fix in 4.0.6. Providers (NVD/Red Hat/Wordfence) describe the flaw as improper input neutralization during web page generat...
CVE-2023-49756
CVE-2023-49756 refers to WordPress Eventin plugin
CVE-2025-47445
The CVE-2025-47445 issue affects WordPress plugin Eventin (Themewinter) up to version 4.0.26. A path traversal vulnerability caused by relative path manipulation allows arbitrary file downloads from the server, enabling potential information disclosure. The publicly documented affected range is E...
CVE-2024-6033
CVE-2024-6033 concerns WordPress plugin Eventin (Event Manager, Events Calendar, Tickets, Registrations). The advisory states a missing capability check on the import_file function across all versions up to and including 4.0.4, enabling authenticated attackers with Contributor-level access and ab...
CVE-2024-7149
CVE-2024-7149 — The Event Manager/Events Calendar/Tickets/Registrations – Eventin WordPress plugin (
CVE-2024-37507
CVE-2024-37507 is a stored XSS in the Themewinter Eventin WordPress plugin, affecting Eventin versions up to 3.3.57. Root cause: Improper neutralization of input during web page generation. Exploitation requires authentication; impact is stored XSS on affected pages. Remediation: update to a fixe...
CVE-2024-1122
The WordPress plugin set for Eventin (Event Manager, Events Calendar, Events Tickets for WooCommerce) is vulnerable to Broken Access Control due to a missing capability check in the export_data() function. All versions up to and including 3.3.50 allow unauthenticated attackers to export event dat...
CVE-2025-4796
The Eventin WordPress plugin (
CVE-2025-49321
CVE-2025-49321 is a Cross-Site Scripting vulnerability in WordPress plugin Eventin (affected: 4.0.28 and earlier). The issue is described as improper input neutralization during web page generation, enabling a Reflected XSS attack. Exploitation details are not provided in the core description, bu...