Skip to main content

Wp Event Solution

2 CVEs product

Monthly

CVE-2025-68045 HIGH This Week

Broken access control in the Arraytics WP Event Solution WordPress plugin through version 4.1.12 allows remote unauthenticated attackers to access protected functionality or data without authorization. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, exposing sensitive event-management capabilities or data to anyone who can reach the WordPress site. No public exploit identified at time of analysis, and the issue is not currently listed in the CISA KEV catalog.

Authentication Bypass Wp Event Solution
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-40776 HIGH This Week

Unauthenticated information disclosure in the Arraytics WP Event Solution (Eventin) WordPress plugin through version 4.1.8 allows remote attackers to bypass access control checks and read data they should not be permitted to access. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36985; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Wp Event Solution
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Broken access control in the Arraytics WP Event Solution WordPress plugin through version 4.1.12 allows remote unauthenticated attackers to access protected functionality or data without authorization. The flaw stems from missing authorization checks (CWE-862) on plugin endpoints, exposing sensitive event-management capabilities or data to anyone who can reach the WordPress site. No public exploit identified at time of analysis, and the issue is not currently listed in the CISA KEV catalog.

Authentication Bypass Wp Event Solution
NVD VulDB
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated information disclosure in the Arraytics WP Event Solution (Eventin) WordPress plugin through version 4.1.8 allows remote attackers to bypass access control checks and read data they should not be permitted to access. The flaw was disclosed by Patchstack and tracked as EUVD-2026-36985; no public exploit code has been identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Authentication Bypass Wp Event Solution
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy