5.3
CVE-2025-1766
- EPSS 0.34%
- Veröffentlicht 20.03.2025 05:22:35
- Zuletzt bearbeitet 11.08.2025 18:04:48
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Missing Authorization to Unauthenticated Payment Status Update
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss.
Mögliche Gegenmaßnahme
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered): Update to version 4.0.25, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Eventin – Event Manager, Event Booking, Calendar, Tickets and Registration Plugin (AI Powered)
Version
*-4.0.24
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Themewinter ≫ Eventin SwPlatformwordpress Version < 4.0.25
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.34% | 0.565 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
|
CWE-862 Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.