CVE-2025-4796

HIGH

Eventin < 4.0.35 - Unauthenticated Privilege Escalation via SpeakerController Email Update

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2025-4796. PoCs published by AnotherSec, Boshe99, Nxploited.

AI-analyzed exploit summary: This repository contains a functional exploit for CVE-2025-4796, a privilege escalation vulnerability in the Eventin WordPress plugin (<= 4.0.34). The exploit allows authenticated users (contributor+) to change any user's email via an insecure API endpoint, enabling account takeover.

Description

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details, such as the email address, in the 'Eventin\Speaker\Api\SpeakerController::update_item' function. This makes it possible for authenticated attackers with contributor-level and above permissions to change arbitrary users' email addresses, including those of administrators, and leverage that to reset the user's password and gain access to their account.

Exploits (3)

nomisec WORKING POC 1 star
by AnotherSec · poc
https://github.com/AnotherSec/CVE-2025-4796

This repository contains a functional exploit for CVE-2025-4796, a privilege escalation vulnerability in the Eventin WordPress plugin (<= 4.0.34). The exploit allows authenticated users (contributor+) to change any user's email via an insecure API endpoint, enabling account takeover.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: Eventin WordPress Plugin <= 4.0.34
Auth required
Prerequisites: Valid WordPress credentials (contributor or higher) · Target site URL · Speaker ID · Attacker-controlled email
devstral-2 · analyzed Feb 19, 2026
github WORKING POC
by Boshe99 · python · poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-4796

The repository contains functional exploit code for CVE-2025-4796, targeting a WordPress plugin (3DPrint Lite 1.9.1.4) with an arbitrary file upload vulnerability. The Python script demonstrates the exploit by uploading a file to a vulnerable endpoint and confirming its presence.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: target URL · file to upload
devstral-2 · analyzed Feb 27, 2026
github WORKING POC
by Nxploited · python · poc
https://github.com/Nxploited/CVE-2025-4796

This is a functional exploit for CVE-2025-4796, targeting a WordPress vulnerability that allows privilege escalation by updating a speaker's email via an authenticated API request. The script automates login, nonce extraction, and payload delivery to escalate a user's privileges to admin.

Classification: Working PoC 95%
Attack Type: Auth Bypass
Complexity: Moderate
Reliability: Reliable
Target: WordPress (specific plugin/version not specified)
Auth required
Prerequisites: Valid WordPress credentials · Speaker ID · Target URL
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3 8.8
EPSS 0.0053
EPSS Percentile 40.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-639
Status published
Products (2)
arraytics/Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) < 4.0.34
themewinter/eventin < 4.0.35
Published Aug 08, 2025
Tracked Since Feb 18, 2026