CVE-2025-47539

WordPress

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-47539 affects the Eventin plugin for WordPress. This vulnerability allows unauthenticated attackers to escalate their privileges to administrator, leading to complete site compromise. The vulnerability lies in the `/wp-json/eventin/v2/speakers/import` REST API endpoint due to a lack of permission checks when importing users. By sending a crafted CSV file to this endpoint, an attacker can create a new user with administrator privileges, effectively taking control of the entire WordPress site. The issue stems from a flawed `permission_callback` function that always returns true, allowing unauthorized access to the endpoint. The vulnerability has been fixed in Eventin version 4.0.27.

Social media

  1. CVE-2025-47539 – #WordPress #Eventin Plugin Critical #Exploit https://t.co/fe97wjErLd

    @d4rk_c0r3

    21 May 2025

    1 Impression

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚩 Critical WordPress Plugin Vulnerability Exposes 10K+ Sites to Cyber Attack https://t.co/74Zq1HnnRy A severe privilege escalation vulnerability (CVE-2025-47539) has been discovered in the popular WordPress plugin Eventin, allowing unauthenticated attackers to create

    @Huntio

    20 May 2025

    413 Impressions

    5 Retweets

    12 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  3. Hey hunters ⚡️ Check this out: CVE-2025-47539 Critical WordPress vulnerability for pre-auth privilege escalation! Here's how the permissions are checked by the plugin - "return true;"😂 Many vulnerable websites out there, maybe your target too! FOFA query: https://t.co/BiMN

    @chux13786509

    19 May 2025

    3611 Impressions

    7 Retweets

    51 Likes

    26 Bookmarks

    1 Reply

    1 Quote

  4. 🚨 A zero-day in the #Eventin WordPress plugin lets attackers create admin accounts—no login needed. Patch CVE-2025-47539 ASAP. Read More: https://t.co/kYtbfriGhC #zeroday #Cybersecurity #WordPress #WordPressSecurity #CVE202547539 #Canada #CanadaCyberAwareness https://t.co/

    @FindSecCyber

    18 May 2025

    42 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 Critical WordPress Plugin Vulnerability (CVE-2025-47539) affects 10K+ sites. Attackers can gain full admin access — no login needed. Here’s everything you need to know & how to patch it: 🔗 https://t.co/9So4TfSLbs #WordPress #CyberSecurity #CVE202547539 #PluginVu

    @securecybernews

    18 May 2025

    10 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. ⚡️The vulnerability details are now available: https://t.co/1HUzFjU4Vb 🚨CRITICAL WordPress Alert🚨CVE-2025-47539 (CVSS 9.8) exposes Eventin sites to UNAUTHENTICATED privilege escalation! Attackers can hijack admin access via a flawed REST API, leading to TOTAL site tak

    @zoomeye_team

    17 May 2025

    365 Impressions

    0 Retweets

    5 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

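  7. A serious vulnerability (CVE-2025-47539) was discovered and fixed in "Eventin", a popular event management plugin for WordPress. This vulnerability could allow an unauthenticated attacker to obtain administrator privileges and completely take over the site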

    @yousukezan

    16 May 2025

    552 Impressions

    0 Retweets

    3 Likes

    2 Bookmarks

    0 Replies

    0 Quotes

  8. CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites https://t.co/m3yyTTHkb8

    @Dinosn

    16 May 2025

    1583 Impressions

    0 Retweets

    2 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References

Sources include official advisories and independent security research.