Themewinter

Eventin

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-4796

  • EPSS 0.07%
  • Veröffentlicht 08.08.2025 18:26:26
  • Zuletzt bearbeitet 13.08.2025 19:31:04

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their detail...

6.1

CVE-2025-49321

  • EPSS 0.04%
  • Veröffentlicht 27.06.2025 11:52:32
  • Zuletzt bearbeitet 01.04.2026 17:25:05

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS.This issue affects Eventin: from n/a through <= 4.0.28.

9.8

CVE-2025-47539

  • EPSS 2.9%
  • Veröffentlicht 23.05.2025 12:43:31
  • Zuletzt bearbeitet 01.04.2026 17:24:01

Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <= 4.0.26.

9.8

CVE-2025-47445

  • EPSS 13.58%
  • Veröffentlicht 14.05.2025 11:37:49
  • Zuletzt bearbeitet 01.04.2026 17:23:48

Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26.

7.5

CVE-2025-3419

  • EPSS 0.19%
  • Veröffentlicht 08.05.2025 05:22:51
  • Zuletzt bearbeitet 08.04.2026 17:20:40

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated att...

7.5

CVE-2025-39584

  • EPSS 0.32%
  • Veröffentlicht 16.04.2025 12:44:22
  • Zuletzt bearbeitet 01.04.2026 17:23:23

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.25.

5.3

CVE-2025-1766

  • EPSS 0.34%
  • Veröffentlicht 20.03.2025 05:22:35
  • Zuletzt bearbeitet 11.08.2025 18:04:48

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4....

8.8

CVE-2025-1770

  • EPSS 0.55%
  • Veröffentlicht 20.03.2025 05:22:34
  • Zuletzt bearbeitet 08.07.2025 16:38:54

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers...

8.8

CVE-2025-26964

  • EPSS 0.85%
  • Veröffentlicht 25.02.2025 15:15:29
  • Zuletzt bearbeitet 01.04.2026 17:19:15

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution allows PHP Local File Inclusion.This issue affects Eventin: from n/a through <= 4.0.20.

8.8

CVE-2024-56213

  • EPSS 0.65%
  • Veröffentlicht 31.12.2024 10:15:09
  • Zuletzt bearbeitet 01.04.2026 16:21:41

Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.7.