10,000 WordPress Sites Affected by Arbitrary File Read Vulnerability in Eventin WordPress Plugin

TLDR: Wordfence's 2024 security report highlights an Arbitrary File Read vulnerability in the Eventin WordPress plugin (versions ≤4.0.26) allowing unauthenticated access to sensitive files. Discovered by researcher mikemyers, a patch (version 4.0.27) was released on April 30, 2025, after reports were validated. Users are urged to update immediately; Wordfence firewall protects against this vulnerability.

https://www.wordfence.com/blog/2025/05/10000-wordpress-sites-affected-by-arbitrary-file-read-vulnerability-in-eventin-wordpress-plugin/

Leave a Comment

Your email address will not be published. Required fields are marked *

Scroll to Top