Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Eventin
(Themewinter)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 16 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2024-07-21 | CVE-2024-37507 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 3.3.57. | Eventin | 5.4 | ||
| 2024-08-01 | CVE-2024-39648 | Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Themewinter Eventin allows Stored XSS.This issue affects Eventin: from n/a through 4.0.5. | Eventin | 4.8 | ||
| 2024-12-09 | CVE-2023-49756 | Missing Authorization vulnerability in Themewinter Eventin allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Eventin: from n/a through 3.3.52. | Eventin | 8.8 | ||
| 2024-12-31 | CVE-2024-56213 | Path Traversal: '.../...//' vulnerability in Themewinter Eventin allows Path Traversal.This issue affects Eventin: from n/a through 4.0.7. | Eventin | 8.8 | ||
| 2025-02-25 | CVE-2025-26964 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Themewinter Eventin allows PHP Local File Inclusion. This issue affects Eventin: from n/a through 4.0.20. | Eventin | 8.8 | ||
| 2025-03-20 | CVE-2025-1766 | The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'payment_complete' function in all versions up to, and including, 4.0.24. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss. | Eventin | 5.3 |