CVE-2025-52731

{"id": "CVE-2025-52731", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "audit@patchstack.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-08-14T11:15:42.820", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/eventin-pro/vulnerability/wordpress-wordpress-event-manager-event-calendar-and-booking-plugin-plugin-4-0-24-arbitrary-content-deletion-vulnerability?_s_id=cve", "source": "audit@patchstack.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "audit@patchstack.com", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Missing Authorization vulnerability in themefunction WordPress Event Manager, Event Calendar and Booking Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WordPress Event Manager, Event Calendar and Booking Plugin: from n/a through 4.0.24."}, {"lang": "es", "value": "La vulnerabilidad de falta de autorizaci\u00f3n en la funci\u00f3n de tema del complemento Event Manager, Event Calendar and Booking para Wordpress permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta al complemento Event Manager, Event Calendar and Booking para Wordpress desde la versi\u00f3n n/d hasta la 4.0.24."}], "lastModified": "2025-08-14T13:11:53.633", "sourceIdentifier": "audit@patchstack.com"}