AI description
CVE-2025-47539 affects the Eventin plugin for WordPress. This vulnerability allows unauthenticated attackers to escalate their privileges to administrator, leading to complete site compromise. The vulnerability lies in the `/wp-json/eventin/v2/speakers/import` REST API endpoint due to a lack of permission checks when importing users. By sending a crafted CSV file to this endpoint, an attacker can create a new user with administrator privileges, effectively taking control of the entire WordPress site. The issue stems from a flawed `permission_callback` function that always returns true, allowing unauthorized access to the endpoint. The vulnerability has been fixed in Eventin version 4.0.27.
- Description: Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.
- Source: audit@patchstack.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Secondary
- Base score: 9.8
- Impact score: 5.9
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity: CRITICAL
- audit@patchstack.com: CWE-266
- Hype score: Not currently trending
🚨 CVE-2025-47539 - critical 🚨 Eventin <= 4.0.26 - Privilege Escalation > The Eventin WordPress plugin before 4.0.27 suffers from an unauthenticated privilege ... 👾 https://t.co/7hT87AOe7X @pdnuclei #NucleiTemplates #cve
@pdnuclei_bot
27 May 2025
88 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539 Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26. https://t.co/i4EF2Zc5Ok
@CVEnew
23 May 2025
474 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539 – #WordPress #Eventin Plugin Critical #Exploit https://t.co/fe97wjErLd
@d4rk_c0r3
21 May 2025
13 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚩 Critical WordPress Plugin Vulnerability Exposes 10K+ Sites to Cyber Attack https://t.co/74Zq1HnnRy A severe privilege escalation vulnerability (CVE-2025-47539) has been discovered in the popular WordPress plugin Eventin, allowing unauthenticated attackers to create
@Huntio
20 May 2025
413 Impressions
5 Retweets
12 Likes
2 Bookmarks
0 Replies
0 Quotes
Hey hunters ⚡️ Check this out: CVE-2025-47539 Critical WordPress vulnerability for pre-auth privilege escalation! Here's how the permissions are checked by the plugin - "return true;"😂 Many vulnerable websites out there, maybe your target too! FOFA query: https://t.co/BiMN
@chux13786509
19 May 2025
3611 Impressions
7 Retweets
51 Likes
26 Bookmarks
1 Reply
1 Quote
🚨 A zero-day in the #Eventin WordPress plugin lets attackers create admin accounts—no login needed. Patch CVE-2025-47539 ASAP. Read More: https://t.co/kYtbfriGhC #zeroday #Cybersecurity #WordPress #WordPressSecurity #CVE202547539 #Canada #CanadaCyberAwareness https://t.co/
@FindSecCyber
18 May 2025
42 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
🚨 Critical WordPress Plugin Vulnerability (CVE-2025-47539) affects 10K+ sites. Attackers can gain full admin access — no login needed. Here’s everything you need to know & how to patch it: 🔗 https://t.co/9So4TfSLbs #WordPress #CyberSecurity #CVE202547539 #PluginVu
@securecybernews
18 May 2025
10 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
⚡️The vulnerability details are now available: https://t.co/1HUzFjU4Vb 🚨CRITICAL WordPress Alert🚨CVE-2025-47539 (CVSS 9.8) exposes Eventin sites to UNAUTHENTICATED privilege escalation! Attackers can hijack admin access via a flawed REST API, leading to TOTAL site tak
@zoomeye_team
17 May 2025
365 Impressions
0 Retweets
5 Likes
0 Bookmarks
0 Replies
0 Quotes
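A serious vulnerability (CVE-2025-47539) was discovered and fixed in "Eventin", a popular event management plugin for WordPress. This vulnerability could allow an unauthenticated attacker to gain administrator privileges and completely take over the site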
@yousukezan
16 May 2025
552 Impressions
0 Retweets
3 Likes
2 Bookmarks
0 Replies
0 Quotes
CVE-2025-47539: Critical Privilege Escalation Flaw Hits 10K+ WordPress Eventin Sites https://t.co/m3yyTTHkb8
@Dinosn
16 May 2025
1583 Impressions
0 Retweets
2 Likes
0 Bookmarks
0 Replies
0 Quotes