Skip to main content

Eventin

8 CVEs product

Monthly

CVE-2025-4796 HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation Eventin PHP
NVD
CVSS 3.1
8.8
EPSS
0.1%
CVE-2025-1770 HIGH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE WordPress Path Traversal +1
NVD
CVSS 3.1
8.8
EPSS
0.6%
CVE-2025-1766 MEDIUM This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventin PHP
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2024-7149 HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress RCE Information Disclosure +1
NVD
CVSS 3.1
8.8
EPSS
1.0%
CVE-2024-39648 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
CVSS 3.1
4.8
EPSS
0.3%
CVE-2024-37507 MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.3.57. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2024-6033 MEDIUM PATCH This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventin
NVD
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-1122 MEDIUM PATCH This Month

The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventin
NVD VulDB
CVSS 3.1
5.3
EPSS
0.4%
EPSS 0% CVSS 8.8
HIGH PATCH This Month

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity.

Authentication Bypass WordPress Privilege Escalation +2
NVD
EPSS 1% CVSS 8.8
HIGH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Information Disclosure PHP RCE +3
NVD
EPSS 0% CVSS 5.3
MEDIUM This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventin +1
NVD
EPSS 1% CVSS 8.8
HIGH PATCH This Week

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. This Path Traversal vulnerability could allow attackers to access files and directories outside the intended path.

Path Traversal PHP WordPress +3
NVD
EPSS 0% CVSS 4.8
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.0.5. Rated medium severity (CVSS 4.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
EPSS 0% CVSS 5.4
MEDIUM This Month

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.3.57. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

XSS Eventin
NVD
EPSS 0% CVSS 4.3
MEDIUM PATCH This Month

The Event Manager, Events Calendar, Tickets, Registrations - Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file'. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventin
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

The Event Manager, Events Calendar, Events Tickets for WooCommerce - Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data(). Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

WordPress Authentication Bypass Eventin
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy