Deserialization Vulnerability in Arraytics Eventin Plugin by WordPress
CVE-2025-68047
8.8HIGH
What is CVE-2025-68047?
A vulnerability exists in the Arraytics Eventin plugin for WordPress, allowing for object injection due to deserialization of untrusted data. This flaw affects Eventin versions from n/a to 4.1.1, enabling attackers to exploit the plugin's deserialization feature and potentially execute arbitrary code. It is crucial for users to update their plugins to secure their WordPress installations against such vulnerabilities.
Affected Version(s)
Eventin 0 <= 4.1.3