CVE-2025-1766

Name of the Vulnerable Software and Affected Versions Eventin plugin for WordPress versions up to, and including, 4.0.24

Description The issue allows unauthorized modification of data due to a missing capability check on the payment complete function. This makes it possible for unauthenticated attackers to update the status of ticket payments to 'completed', possibly resulting in financial loss.

Recommendations For versions up to, and including, 4.0.24, update to a version higher than 4.0.24 to resolve the issue. As a temporary workaround, consider disabling the payment complete function until a patch is available.