Local File Inclusion Vulnerability in Event Manager Plugin for WordPress by Eventin
CVE-2025-1770
8.8HIGH
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 20 March 2025
What is CVE-2025-1770?
The Event Manager plugin for WordPress is susceptible to Local File Inclusion through the 'style' parameter in versions up to 4.0.24. Authenticated users with Contributor-level access or higher can exploit this vulnerability, allowing them to include and execute arbitrary PHP files on the server. This issue can lead to unauthorised access, sensitive data leakage, and even the execution of malicious code if users are able to upload seemingly safe files such as images.
Affected Version(s)
Eventin – Event Manager, Events Calendar, Event Tickets and Registrations * <= 4.0.24