Vulnerabilities and security research for wp-event-solution
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-1122
Security reports for Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin
- Date
- Feb 09, 2024
- Research Description
- The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # f4685f6f478a2942072b9c51ebe4f460c17ead60
- Date
- Dec 04, 2023
- Research Description
- Event Manager, Events Calendar, Tickets, Registrations – Eventin [wp-event-solution] < 3.3.53. WordPress Eventin Plugin <= 3.3.44 is vulnerable to Broken Access Control. No patched version is available. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Eventin Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user executing a certain higher privileged action. This vulnerability is not known to have been fixed yet.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2023-49756
- Date
- Dec 09, 2024
- Research Description
- Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Eventin: from n/a through 3.3.52.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-37507
- Date
- Jul 21, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS. This issue affects Eventin: from n/a through 3.3.57.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-6033
- Date
- Jul 17, 2024
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-39648
- Date
- Aug 02, 2024
- Research Description
- Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS. This issue affects Eventin: from n/a through 4.0.5.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-7149
- Date
- Sep 27, 2024
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2024-56213
- Date
- Dec 31, 2024
- Research Description
- Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.7.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-26964
- Date
- Feb 25, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-1766
- Date
- Mar 20, 2025
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-1770
- Date
- Mar 20, 2025
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-39584
- Date
- Apr 16, 2025
- Research Description
- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.25.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-3419
- Date
- May 08, 2025
- Research Description
- The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-47445
- Date
- May 14, 2025
- Research Description
- Relative Path Traversal vulnerability in Themewinter Eventin allows Path Traversal. This issue affects Eventin: from n/a through 4.0.26.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-47539
- Date
- May 23, 2025
- Research Description
- Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-49321
- Date
- Jun 27, 2025
- Research Description
- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin allows Reflected XSS. This issue affects Eventin: from n/a through 4.0.28.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin # CVE-2025-4796
- Date
- Aug 09, 2025
- Research Description
- The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details, such as email, in the 'Eventin\Speaker\Api\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary users' email addresses, including administrators', and leverage that to reset the user's password and gain access to their account.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable