CVE-2025-3419

Name of the Vulnerable Software and Affected Versions Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress versions up to, and including, 4.0.26

Description The issue allows unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information, via the proxy image() function. This can be exploited to gain access to sensitive information.

Recommendations For versions up to, and including, 4.0.26, update to a version higher than 4.0.26 to resolve the issue. As a temporary workaround, consider disabling the proxy image() function until a patch is available.