PHP Remote File Inclusion Vulnerability in Themewinter Eventin Plugin
CVE-2025-39584
7.5HIGH
What is CVE-2025-39584?
A vulnerability in the Themewinter Eventin plugin allows for improper control over filename inclusion in PHP applications. This flaw can lead to PHP Local File Inclusion, which may be exploited by malicious actors to execute unauthorized scripts on a web server. Versions from n/a up to 4.0.25 are affected, providing an unacceptable risk for website integrity and security.
Affected Version(s)
Eventin 0 <= 4.0.25