CVE-2025-1770
CVSS 3.1 Score 8.8 of 10 (high)
Details
Summary
CVE-2025-1770 is a vulnerability affecting the Eventin plugin for WordPress, specifically its Event Manager, Events Calendar, Tickets, and Registrations components. This issue, impacting versions up to 4.0.24, enables authenticated attackers with Contributor-level access and above to execute arbitrary PHP code. The vulnerability arises due to a Local File Inclusion flaw in the 'style' parameter, which allows attackers to include and execute any file on the server. The consequences of this vulnerability include bypassing access controls, obtaining sensitive data, and achieving code execution. It is essential to upgrade to a patched version to mitigate this risk.