High severity7.5NVD Advisory· Published May 8, 2025· Updated Apr 8, 2026
CVE-2025-3419
CVE-2025-3419
Description
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 4.0.26 via the proxy_image() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. CVE-2025-47445 is a duplicate of this vulnerability.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*+ 1 more
- cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*range: <4.0.27
- (no CPE)range: <=4.0.26
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.