CVE-2025-4796

HIGH

Themewinter Eventin < 4.0.35 - IDOR

Title source: rule

Description

The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user's identity or capability prior to updating their details like email in the 'Eventin\Speaker\Api\SpeakerController::update_item' function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.

Exploits (3)

nomisec WORKING POC 1 stars

by AnotherSec · poc

https://github.com/AnotherSec/CVE-2025-4796

View Code ZIP pw:eip

github WORKING POC

by Boshe99 · pythonpoc

https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-4796

View Code ZIP pw:eip

github WORKING POC

by Nxploited · pythonpoc

https://github.com/Nxploited/CVE-2025-4796

View Code ZIP pw:eip

References (3)

[Product] https://plugins.trac.wordpress.org/browser/wp-event-solution/tags/4.0.28/core/speaker/Api/SpeakerController.php#L419

[Patch] https://plugins.trac.wordpress.org/changeset/3336972/wp-event-solution/trunk/core/speaker/Api/SpeakerController.php#file0

[Third Party Advisory] https://www.wordfence.com/threat-intel/vulnerabilities/id/9e0d441d-1da5-45e7-8a14-ce178099c0cc?source=cve

Scores

CVSS v3 8.8

EPSS 0.0007

EPSS Percentile 21.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-639

Status published

Products (1)

themewinter/eventin < 4.0.35

Published Aug 08, 2025

Tracked Since Feb 18, 2026