{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-4796", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-05-15T17:20:16.666Z", "datePublished": "2025-08-08T18:26:26.586Z", "dateUpdated": "2026-04-08T17:11:41.513Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:41.513Z"}, "affected": [{"vendor": "arraytics", "product": "Eventin \u2013 Event Calendar, Event Registration, Tickets & Booking (AI Powered)", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.0.34", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\\Speaker\\Api\\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account."}], "title": "Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.28/core/speaker/Api/SpeakerController.php#L419"}, {"url": "https://plugins.trac.wordpress.org/changeset/3336972/wp-event-solution/trunk/core/speaker/Api/SpeakerController.php#file0"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-639 Authorization Bypass Through User-Controlled Key", "cweId": "CWE-639", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "timeline": [{"time": "2025-05-15T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-05-15T00:00:00.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-08T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-08T18:57:51.340619Z", "id": "CVE-2025-4796", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T18:58:03.058Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-4796", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-08T18:57:51.340619Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-08T18:57:56.090Z"}}], "cna": {"title": "Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover", "credits": [{"lang": "en", "type": "finder", "value": "Istv\u00e1n M\u00e1rton"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "arraytics", "product": "Eventin \u2013 Event Calendar, Event Registration, Tickets & Booking (AI Powered)", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "4.0.34"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-05-15T00:00:00.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-08T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.28/core/speaker/Api/SpeakerController.php#L419"}, {"url": "https://plugins.trac.wordpress.org/changeset/3336972/wp-event-solution/trunk/core/speaker/Api/SpeakerController.php#file0"}], "descriptions": [{"lang": "en", "value": "The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\\Speaker\\Api\\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-639", "description": "CWE-639 Authorization Bypass Through User-Controlled Key"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:11:41.513Z"}}}, "cveMetadata": {"cveId": "CVE-2025-4796", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:11:41.513Z", "dateReserved": "2025-05-15T17:20:16.666Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-08T18:26:26.586Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "695F8852-7DDE-49EC-B1F5-12DDA3DB7D06", "versionEndExcluding": "4.0.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\\Speaker\\Api\\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account."}, {"lang": "es", "value": "El complemento Eventin para WordPress es vulnerable a la escalada de privilegios mediante la apropiaci\u00f3n de cuentas en todas las versiones hasta la 4.0.34 incluida. Esto se debe a que el complemento no valida correctamente la identidad o la capacidad del usuario antes de actualizar sus datos, como el correo electr\u00f3nico, en la funci\u00f3n 'Eventin\\Speaker\\Api\\SpeakerController::update_item'. Esto permite que atacantes no autenticados con permisos de colaborador o superiores cambien las direcciones de correo electr\u00f3nico de usuarios arbitrarios, incluidos los administradores, y aprovechen esta situaci\u00f3n para restablecer la contrase\u00f1a del usuario y acceder a su cuenta."}], "id": "CVE-2025-4796", "lastModified": "2025-08-13T19:31:04.300", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-08-08T19:15:36.140", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.28/core/speaker/Api/SpeakerController.php#L419"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3336972/wp-event-solution/trunk/core/speaker/Api/SpeakerController.php#file0"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-639"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T00:57:04.135317+00:00", "value": {"mitigation_remediation": ["Upgrade the Eventin plugin to the latest released version (4.0.35 or newer).", "If the upgrade cannot be performed immediately, temporarily remove contributor-level permissions from users until the update is applied.", "Apply a temporary restriction on the API endpoint that updates speaker details so that only administrator or designated users can access it, blocking all contributor-level users until the vulnerability is patched."], "summary": {"action": "Immediate Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Eventin plugin, versions 4.0.34 and earlier. The vulnerability is present in the SpeakerController update_item routine in the core files of the plugin; affected users include all registered WordPress accounts, with administrators being the most critical targets.", "description_and_impact": "The Eventin plugin for WordPress contains a fault that allows any authenticated user with contributor-level privileges or higher to modify the email address of any other user. By changing an administrator\u2019s email, the attacker can trigger a password reset and subsequently access the administrator account. This bypasses normal authorization controls and grants the attacker full control over the site, directly contradicting the intended role restrictions. The weakness corresponds to a failure of proper identity validation and is classified as a privilege escalation flaw.", "risk_and_exploitability": "The CVSS score of 8.8 reflects high severity, while an EPSS score of less than 1% indicates that exploitation is currently rare but still possible. The vulnerability is not listed in the CISA KEV catalog, yet it can be exploited by any contributor+ user, a role that is commonly available on multi\u2011user WordPress installations. Exploitation requires no special skills beyond making a request to the API endpoint that updates speaker details; the lack of identity checks makes the attack straightforward. The high CVSS combined with the potential for full account takeover makes immediate remediation essential."}}}}, "created": "2025-08-12T07:48:03.221195+00:00", "updated": "2026-04-22T01:00:04.367868+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}