Eventin Security Vulnerabilities and Issues — Eventin CVE List

Lucene search

ThemewinterEventin

3 matches found

CVE•added 2025/05/08 6:15 a.m.•52 views

CVE-2025-3419

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on...

7.5CVSS7.4AI score0.00033EPSS

Web

CVE•added 2025/04/16 1:15 p.m.•45 views

CVE-2025-39584

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.

7.5CVSS7.7AI score0.0022EPSS

CVE•added 2025/06/27 12:15 p.m.•7 views

CVE-2025-49321

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.

7.1CVSS6.5AI score0.00034EPSS