- Description
- Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.
- Source
- audit@patchstack.com
- NVD status
- Analyzed
- Products
- eventin
CVSS 3.1
- Type
- Secondary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- audit@patchstack.com
- CWE-266
- Hype score
- Not currently trending
CVE-2025-47539 with Eventin v4.0.26 🔒💻 #CyberSecurity #PenTesting #Hacking https://t.co/hkDHqMrzXu
@TheExploitLab
16 Aug 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CVE-2025-47539 - critical 🚨 Eventin <= 4.0.26 - Privilege Escalation > The Eventin WordPress plugin before 4.0.27 suffers from an unauthenticated privilege ... 👾 https://t.co/7hT87AOe7X @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
27 May 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26. https://t.co/i4EF2Zc5Ok
@CVEnew
23 May 2025
474 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539 – #WordPress #Eventin Plugin Critical #Exploit https://t.co/fe97wjErLd
@d4rk_c0r3
21 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Critical WordPress Plugin Vulnerability Exposes 10K+ Sites to Cyber Attack https://t.co/74Zq1HnnRy A severe privilege escalation vulnerability (CVE-2025-47539) has been discovered in the popular WordPress plugin Eventin, allowing unauthenticated attackers to create
@Huntio
20 May 2025
413 Impressions
5 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
Hey hunters ⚡️ Check this out: CVE-2025-47539 Critical WordPress vulnerability for pre-auth privilege escalation! Here's how the permissions are checked by the plugin - "return true;"😂 Many vulnerable websites out there, maybe your target too! FOFA query: https://t.co/BiMN
@chux13786509
19 May 2025
3611 Impressions
7 Retweets
51 Likes
26 Bookmarks
1 Reply
1 Quote
🚨 A zero-day in the #Eventin WordPress plugin lets attackers create admin accounts—no login needed. Patch CVE-2025-47539 ASAP. Read More: https://t.co/kYtbfriGhC #zeroday #Cybersecurity #WordPress #WordPressSecurity #CVE202547539 #Canada #CanadaCyberAwareness https://t.co/
@FindSecCyber
18 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical WordPress Plugin Vulnerability (CVE-2025-47539) affects 10K+ sites. Attackers can gain full admin access — no login needed. Here’s everything you need to know & how to patch it: 🔗 https://t.co/9So4TfSLbs #WordPress #CyberSecurity #CVE202547539 #PluginVu
@securecybernews
18 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/1HUzFjU4Vb 🚨CRITICAL WordPress Alert🚨CVE-2025-47539 (CVSS 9.8) exposes Eventin sites to UNAUTHENTICATED privilege escalation! Attackers can hijack admin access via a flawed REST API, leading to TOTAL site tak
@zoomeye_team
17 May 2025
365 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
WordPressの人気イベント管理プラグイン「Eventin」に深刻な脆弱性(CVE-2025-47539)が発見され、修正された。この脆弱性は、認証されていない攻撃者が管理者権限を取得し、サイトを完全に乗っ取る可能性がある
@yousukezan
16 May 2025
552 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites https://t.co/m3yyTTHkb8
@Dinosn
16 May 2025
1583 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*",
"matchCriteriaId": "A1F96AB4-859C-463B-A3B3-C1C0C0D2D64B",
"versionEndExcluding": "4.0.27",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]