{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-52731", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-06-19T10:02:39.647Z", "datePublished": "2025-08-14T10:34:01.225Z", "dateUpdated": "2026-04-01T15:56:12.051Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected", "packageName": "eventin-pro", "product": "WordPress Event Manager, Event Calendar and Booking Plugin", "vendor": "themefunction", "versions": [{"changes": [{"at": "4.0.25", "status": "unaffected"}], "lessThanOrEqual": "4.0.24", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:41:34.982Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.<p>This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24.</p>"}], "value": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24."}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "Exploiting Incorrectly Configured Access Control Security Levels"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-862", "description": "Missing Authorization", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T15:56:12.051Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve"}], "title": "WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T13:32:40.556063Z", "id": "CVE-2025-52731", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T14:47:29.016Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-52731", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-14T13:32:40.556063Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T13:32:43.282Z"}}], "cna": {"title": "WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "user": "00000000-0000-4000-9000-000000000000", "value": "Tran Nguyen Bao Khanh (VCI - VNPT Cyber Immunity) (Patchstack Alliance)"}], "impacts": [{"capecId": "CAPEC-180", "descriptions": [{"lang": "en", "value": "CAPEC-180 Exploiting Incorrectly Configured Access Control Security Levels"}]}], "metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "themefunction", "product": "WordPress Event Manager, Event Calendar and Booking Plugin", "versions": [{"status": "affected", "changes": [{"at": "4.0.25", "status": "unaffected"}], "version": "n/a", "versionType": "custom", "lessThanOrEqual": "4.0.24"}], "packageName": "eventin-pro", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}], "solutions": [{"lang": "en", "value": "Update the WordPress WordPress Event Manager, Event Calendar and Booking Plugin plugin to the latest available version (at least 4.0.25).", "supportingMedia": [{"type": "text/html", "value": "Update the WordPress WordPress Event Manager, Event Calendar and Booking Plugin plugin to the latest available version (at least 4.0.25).", "base64": false}]}], "references": [{"url": "https://patchstack.com/database/wordpress/plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.", "supportingMedia": [{"type": "text/html", "value": "<p>Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels.</p><p>This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2025-08-14T10:34:01.225Z"}}}, "cveMetadata": {"cveId": "CVE-2025-52731", "state": "PUBLISHED", "dateUpdated": "2025-08-14T14:47:29.016Z", "dateReserved": "2025-06-19T10:02:39.647Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2025-08-14T10:34:01.225Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin eventin-pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through <= 4.0.24."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en la funci\u00f3n de tema del complemento Event Manager, Event Calendar and Booking para Wordpress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al complemento Event Manager, Event Calendar and Booking para Wordpress desde la versi\u00f3n n/d hasta la 4.0.24."}], "id": "CVE-2025-52731", "lastModified": "2026-04-01T17:25:38.710", "metrics": {}, "published": "2025-08-14T11:15:42.820", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"created": "2025-08-16T21:41:23.374903+00:00", "updated": "2025-08-16T21:41:23.374962+00:00", "vendors": ["themefunction", "themefunction$PRODUCT$wordpress_event_manager_event_calendar_and_booking_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}