📦 Eventin
by Themewinter
🔍 What is Eventin?
Description coming soon...
🛡️ Security Overview
Click on a severity to filter vulnerabilities
⚠️ Known Vulnerabilities
This vulnerability allows attackers to escalate privileges in the Themewinter Eventin WordPress plugin, potentially gaining administrative access. It affects all WordPress sites running Eventin versio...
The Eventin WordPress plugin has a privilege escalation vulnerability that allows attackers with contributor-level permissions or higher to change any user's email address, including administrators. T...
This vulnerability allows attackers to inject malicious scripts into web pages generated by the Eventin WordPress plugin. When users visit a specially crafted URL, the scripts execute in their browser...
This vulnerability allows attackers to include local files on the server through improper input validation in the Eventin WordPress plugin. Attackers can potentially read sensitive files or execute co...
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Eventin plugin (forme...
This vulnerability allows authenticated WordPress users with Contributor-level access or higher to perform Local File Inclusion attacks in the Eventin plugin. Attackers can include and execute arbitra...
This path traversal vulnerability in the Eventin WordPress plugin allows attackers to access files outside the intended directory using '.../...//' sequences. It affects WordPress sites using Eventin ...
This CVE describes a Missing Authorization vulnerability in the Themewinter Eventin WordPress plugin that allows authenticated users to exploit incorrectly configured access control security levels. T...
This stored cross-site scripting (XSS) vulnerability in the Eventin WordPress plugin allows attackers to inject malicious scripts into web pages that are then executed when other users view those page...
This vulnerability in the Eventin WordPress plugin allows authenticated attackers with Contributor-level access or higher to import unauthorized data (events, speakers, schedules, attendee data) due t...