PHP Remote File Inclusion Vulnerability in Themewinter Eventin Plugin
CVE-2025-39584

7.5HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
16 April 2025

What is CVE-2025-39584?

A vulnerability in the Themewinter Eventin plugin allows for improper control over filename inclusion in PHP applications. This flaw can lead to PHP Local File Inclusion, which may be exploited by malicious actors to execute unauthorized scripts on a web server. Versions from n/a up to 4.0.25 are affected, providing an unacceptable risk for website integrity and security.

Affected Version(s)

Eventin 0 <= 4.0.25

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.