cleantalk
Vulnerabilities and Security Researches

Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin, f4685f6f478a2942072b9c51ebe4f460c17ead60

CVE, Research URL

f4685f6f478a2942072b9c51ebe4f460c17ead60

Home page URL

Security reports for Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin

Application

Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin

Published on
Dec 04, 2023
Research Description
Event Manager, Events Calendar, Tickets, Registrations &#8211; Eventin [wp-event-solution] < 3.3.53 WordPress Eventin Plugin <= 3.3.44 is vulnerable to Broken Access Control No patched version is available. Abdi Pranata discovered and reported this Broken Access Control vulnerability in WordPress Eventin Plugin. A broken access control issue refers to a missing authorization, authentication or nonce token check in a function that could lead to an unprivileged user to executing a certain higher privileged action. This vulnerability has not been known to be fixed yet.
Affected versions
Min -, max 3.3.53.
Status
vulnerable
Previous vulnerability researches
Event Manager, Events Calendar, Events Tickets for WooCommerce &#8211; Eventin (CVE-2025-26964) , Feb 27, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce &#8211; Eventin (CVE-2023-49756) , Jun 10, 2024
Event Manager, Events Calendar, Events Tickets for WooCommerce &#8211; Eventin (CVE-2024-56213) , Dec 23, 2024
Event Manager, Events Calendar, Events Tickets for WooCommerce &#8211; Eventin (CVE-2025-39584) , Apr 18, 2025
Event Manager, Events Calendar, Events Tickets for WooCommerce &#8211; Eventin (CVE-2025-1766) , Mar 21, 2025
New vulnerability
WP Logger (CVE-2025-39456) , Apr 20, 2025
visualslider Sldier (CVE-2025-23448) , Apr 20, 2025
RSS Manager (CVE-2025-39418) , Apr 20, 2025
Contact Form vCard Generator (CVE-2025-39521) , Apr 20, 2025
AdminQuickbar (CVE-2025-39464) , Apr 20, 2025