PHP Remote File Inclusion Vulnerability in Themewinter Eventin Plugin
CVE-2025-39584

Currently unrated

Key Information:

Vendor: WordPress
Status: Themewinter Eventin
Vendor: CVE Published:; 16 April 2025

Summary

A vulnerability in the Themewinter Eventin plugin allows for improper control over filename inclusion in PHP applications. This flaw can lead to PHP Local File Inclusion, which may be exploited by malicious actors to execute unauthorized scripts on a web server. Versions from n/a up to 4.0.25 are affected, providing an unacceptable risk for website integrity and security.

References

https://patchstack.com/database/wordpress/plugin/wp-event...

Timeline

Vulnerability published
Apr 16, 2025