CVE-2025-1770

Published Mar 20, 2025

Last updated 16 days ago

CVSS high 8.8

Overview

Description
The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.0.24 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included.
Source
security@wordfence.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Primary
Base score
8.8
Impact score
5.9
Exploitability score
2.8
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-22

Social media

Hype score
Not currently trending

  1. �� CVE-2025-1770 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-20 06:15:22 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/3mWjLqVPzh

    @vulns_space

    27 Mar 2025

    28 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. �� CVE-2025-1770 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-20 06:15:22 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/uDle0Vqi1t

    @vulns_space

    20 Mar 2025

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2025-1770 The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.… https://t.co/uG2j8Z06QR

    @CVEnew

    20 Mar 2025

    376 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2025-1770: HIGH] The Eventin plugin for WordPress is vulnerable to Local File Inclusion up to version 4.0.24 via the 'style' parameter. Authenticated attackers with Contributor-level access can execute arbitr...#cybersecurity,#vulnerability https://t.co/MJkFeojAOn https://t.

    @CveFindCom

    20 Mar 2025

    14 Impressions

    0 Retweets

    1 Like

    0 Bookmarks

    0 Replies

    0 Quotes

References