WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin

7.5 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Description

Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.

Basic Information

ID CVE-2025-52731

Source Patchstack

Published Aug 14, 2025 at 10:34

Affected Product

Vendor themefunction

Product WordPress Event Manager, Event Calendar and Booking Plugin

Version n/a

Affected Versions themefunction WordPress Event Manager, Event Calendar and Booking Plugin n/a

CWE Classification

CWE-862

References

patchstack.com /database/wordpress/plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability

{
    "lastseen": "",
    "description": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24.",
    "published": "2025-08-14T10:34:01.225Z",
    "modified": "2025-08-14T10:34:01.225Z",
    "type": "cve",
    "title": "WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability",
    "source": "Patchstack",
    "references": "https://patchstack.com/database/wordpress/plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve",
    "id": "CVE-2025-52731",
    "bulletinFamily": "",
    "cwe": [
        "CWE-862"
    ],
    "cvelist": null,
    "sourceData": "themefunction WordPress Event Manager, Event Calendar and Booking Plugin n/a",
    "sourceHref": "",
    "cvss": {
        "score": 7.5,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WordPress Event Manager, Event Calendar and Booking Plugin",
    "version": "n/a",
    "vendor": "themefunction",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WordPress WordPress Event Manager, Event Calendar and Booking Plugin Plugin <= 4.0.24 - Arbitrary Content Deletion Vulnerability_CVE-2025-52731