Themewinter

Eventin

16 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
8.8

CVE-2025-4796

  • EPSS 0.06%
  • Veröffentlicht 08.08.2025 18:26:26
  • Zuletzt bearbeitet 13.08.2025 19:31:04

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their detail...

6.1

CVE-2025-49321

  • EPSS 0.03%
  • Veröffentlicht 27.06.2025 11:52:32
  • Zuletzt bearbeitet 14.08.2025 20:53:50

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.

9.8

CVE-2025-47539

  • EPSS 19.82%
  • Veröffentlicht 23.05.2025 12:43:31
  • Zuletzt bearbeitet 13.08.2025 15:52:09

Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.

9.8

CVE-2025-47445

  • EPSS 4.05%
  • Veröffentlicht 14.05.2025 11:37:49
  • Zuletzt bearbeitet 12.08.2025 01:59:03

Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.26.

7.5

CVE-2025-3419

  • EPSS 0.19%
  • Veröffentlicht 08.05.2025 05:22:51
  • Zuletzt bearbeitet 04.06.2025 22:42:06

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated att...

7.5

CVE-2025-39584

  • EPSS 0.42%
  • Veröffentlicht 16.04.2025 12:44:22
  • Zuletzt bearbeitet 12.08.2025 18:12:28

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.

5.3

CVE-2025-1766

  • EPSS 0.34%
  • Veröffentlicht 20.03.2025 05:22:35
  • Zuletzt bearbeitet 11.08.2025 18:04:48

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4....

8.8

CVE-2025-1770

  • EPSS 0.55%
  • Veröffentlicht 20.03.2025 05:22:34
  • Zuletzt bearbeitet 08.07.2025 16:38:54

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers...

8.8

CVE-2025-26964

  • EPSS 0.27%
  • Veröffentlicht 25.02.2025 15:15:29
  • Zuletzt bearbeitet 11.08.2025 18:01:36

Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.

8.8

CVE-2024-56213

  • EPSS 0.59%
  • Veröffentlicht 31.12.2024 10:15:09
  • Zuletzt bearbeitet 11.08.2025 17:25:30

Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7.