Themewinter Eventin
16 CVEs affecting Themewinter Eventin. Latest disclosed: 2025-08-08. Critical: 1, High: 8.
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
CVE-2025-47539 | Critical | 9.8 | 2025-05-23 | Incorrect Privilege Assignment vulnerability in Arraytics Eventin wp-event-solution allows Privilege Escalation.This issue affects Eventin: from n/a through <=… |
CVE-2025-4796 | High | 8.8 | 2025-08-08 | The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the pl… |
CVE-2025-1770 | High | 8.8 | 2025-03-20 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and incl… |
CVE-2024-7149 | High | 8.8 | 2024-09-27 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and incl… |
CVE-2025-47445 | High | 7.5 | 2025-05-14 | Relative Path Traversal vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.26. |
CVE-2025-3419 | High | 7.5 | 2025-05-08 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and inclu… |
CVE-2025-39584 | High | 7.5 | 2025-04-16 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution al… |
CVE-2025-26964 | High | 7.5 | 2025-02-25 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Arraytics Eventin wp-event-solution al… |
CVE-2025-49321 | High | 7.1 | 2025-06-27 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Arraytics Eventin wp-event-solution allows Reflected XSS… |
CVE-2024-56213 | Medium | 6.5 | 2024-12-31 | Path Traversal: '.../...//' vulnerability in Arraytics Eventin wp-event-solution allows Path Traversal.This issue affects Eventin: from n/a through <= 4.0.7. |
CVE-2024-37507 | Medium | 6.5 | 2024-07-21 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue a… |
CVE-2024-39648 | Medium | 5.9 | 2024-08-01 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue a… |
CVE-2023-49756 | Medium | 5.4 | 2024-12-09 | Missing Authorization vulnerability in Arraytics Eventin wp-event-solution allows Exploiting Incorrectly Configured Access Control Security Levels.This issue a… |
CVE-2025-1766 | Medium | 5.3 | 2025-03-20 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing c… |
CVE-2024-1122 | Medium | 5.3 | 2024-02-09 | The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing… |
CVE-2024-6033 | Medium | 4.3 | 2024-07-17 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capab… |