Vulnerabilities > Themewinter > Eventin > 3.0.5
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-08 | CVE-2025-3419 | External Control of File Name or Path vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. | 7.5 |
| 2024-09-27 | CVE-2024-7149 | Path Traversal vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.8 via multiple style parameters. | 8.8 |
| 2024-02-09 | CVE-2024-1122 | Missing Authorization vulnerability in Themewinter Eventin The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. | 5.3 |