TLDR: Wordfence's 2024 security report highlights an Arbitrary File Read vulnerability in the Eventin WordPress plugin (versions ≤4.0.26) allowing unauthenticated access to sensitive files. Discovered by researcher mikemyers, a patch (version 4.0.27) was released on April 30, 2025, after reports were validated. Users are urged to update immediately; Wordfence firewall protects against this vulnerability.
10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin
