{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1770", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-28T00:09:15.655Z", "datePublished": "2025-03-20T05:22:34.878Z", "dateUpdated": "2026-04-08T16:56:18.670Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:18.670Z"}, "affected": [{"vendor": "arraytics", "product": "Eventin \u2013 Event Calendar, Event Registration, Tickets & Booking (AI Powered)", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.24", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}], "title": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24baee-7003-449b-9072-d95fa1e26c8f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/upcoming-event-tab/style/tab-1.php#L53"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/events-calendar/events-calendar.php#L715"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257023/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "timeline": [{"time": "2025-03-19T17:03:49.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-20T15:11:08.732933Z", "id": "CVE-2025-1770", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T15:11:17.756Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1770", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-03-20T15:11:08.732933Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-20T15:11:13.375Z"}}], "cna": {"title": "Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion", "credits": [{"lang": "en", "type": "finder", "value": "wesley"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "arraytics", "product": "Eventin \u2013 Event Calendar, Event Registration, Tickets & Booking (AI Powered)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.0.24"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-19T17:03:49.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24baee-7003-449b-9072-d95fa1e26c8f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/upcoming-event-tab/style/tab-1.php#L53"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/events-calendar/events-calendar.php#L715"}, {"url": "https://plugins.trac.wordpress.org/changeset/3257023/"}], "descriptions": [{"lang": "en", "value": "The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:56:18.670Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1770", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:56:18.670Z", "dateReserved": "2025-02-28T00:09:15.655Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-20T05:22:34.878Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "83E51B23-6F8A-478C-AF23-391D5E7EC252", "versionEndExcluding": "4.0.25", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other \u201csafe\u201d file types can be uploaded and included."}, {"lang": "es", "value": "El complemento Event Manager, Events Calendar, Tickets, Registrations \u2013 Eventin para WordPress es vulnerable a la Inclusi\u00f3n Local de Archivos en todas las versiones hasta la 4.0.24 incluida, a trav\u00e9s del par\u00e1metro 'style'. Esto permite a atacantes autenticados, con acceso de Colaborador o superior, incluir y ejecutar archivos arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en dichos archivos. Esto puede utilizarse para eludir los controles de acceso, obtener datos confidenciales o ejecutar c\u00f3digo cuando se pueden subir e incluir im\u00e1genes y otros tipos de archivos \"seguros\"."}], "id": "CVE-2025-1770", "lastModified": "2025-07-08T16:38:54.230", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-20T06:15:22.903", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/events-calendar/events-calendar.php#L715"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.24/widgets/upcoming-event-tab/style/tab-1.php#L53"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/changeset/3257023/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5f24baee-7003-449b-9072-d95fa1e26c8f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:50:23.572386+00:00", "value": {"mitigation_remediation": ["Upgrade Eventin to the latest release (4.0.25 or newer) where the LFI flaw is fixed.", "If an upgrade is not immediately possible, revoke Contributor or higher role privileges from users who do not need access to the plugin\u2019s configuration screens.", "Implement strict input validation for the 'style' parameter so that only approved values are accepted, rejecting paths that contain directory traversal sequences.", "Configure the server to store uploads outside the web root and disable PHP execution in the upload directory."], "summary": {"action": "Patch Now", "impact": "Local File Inclusion leading to arbitrary PHP execution"}, "threat_synthesis": {"affected_systems": "WordPress installations running the Eventin \u2013 Event Calendar, Event Registration, Tickets & Booking plugin by Arraytics, versions 4.0.24 and earlier.", "description_and_impact": "The Eventin plugin for WordPress is vulnerable to Local File Inclusion through the 'style' parameter. This flaw allows authenticated users with Contributor privileges or higher to request the inclusion of any file on the server, enabling the execution of arbitrary PHP code. The resulting compromise can bypass role restrictions, disclose sensitive data, and allow full control over the affected WordPress installation.", "risk_and_exploitability": "The flaw carries a CVSS score of 8.8, indicating high severity, while the EPSS score is less than 1%, suggesting a low but nonzero probability of exploitation. The vulnerability is not listed in CISA\u2019s KEV catalog. Attackers need valid Contributor credentials to manipulate the 'style' parameter, making the risk primarily focused on sites with a large contributor base. The exploitation path relies on unsanitized input, typical of CWE-22, and can be achieved by submitting a crafted request that points the plugin to a PHP file stored in an upload directory or elsewhere on the server."}}}}, "created": "2026-04-21T22:00:26.594671+00:00", "updated": "2026-04-21T22:00:26.594682+00:00", "vendors": []}