How should operators remediate CVE-2024-6033?

Update to 4.0.5 or newer where that release is compatible with the site.

Vulnerability Report

Plugin Medium Patch path listed CVE-2024-6033

Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.4 - Missing Authorization to Authenticated (Contributor+) Event Data Import

Q: What is CVE-2024-6033?

CVE-2024-6033 is tracked as a Vulnerability issue affecting the Plugin Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered).

Q: Which Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) versions are affected?

The primary affected range is Versions up to 4.0.4.

The Event Manager, Events Calendar, Tickets, Registrations – Eventin plugin for WordPress is vulnerable to unauthorized data importation due to a missing capability check on the 'import_file' function in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to import events, speakers, schedules and attendee data.

Quick Answer

CVE-2024-6033 is a medium severity with CVSS 4.3 Vulnerability issue affecting the Plugin Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered). It affects Versions up to 4.0.4 and is fixed in 4.0.5.

Back to Feed View Plugin Hub Open CVE Reference

Published

Jul 16, 2024

Last Updated

Jul 17, 2024

Slug

wp-event-solution

Risk Profile

4.3 CVSS Score

Weakness

Missing Authorization

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Researchers

Peter Thaleikis

Operational Summary

What the operator needs to know

Share Email

Patch Status

Patched release is available

Remediation

Update to version 4.0.5, or a newer patched version

Operator Briefing

CVE-2024-6033 is tracked for the Plugin Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) as medium severity with CVSS 4.3. The affected range is Versions up to 4.0.4. Update Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) to 4.0.5 or newer where that version is compatible with the site.

Issue Type

Vulnerability

Primary Fixed Version

4.0.5

Primary Affected Range

Versions up to 4.0.4

Tracking ID

CVE-2024-6033

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/1725c7f3-2fac-4714-a63e-6c43694483fc?source=api-prod

Detailed Metadata

Software Type	Plugin
Software Slug	wp-event-solution View on wordpress.org
CVE	CVE-2024-6033
Patched Versions	4.0.5
Affected Versions	Versions up to 4.0.4

Related CVE Cluster

Related CVEs for Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)

These internal links group the same WordPress plugin by CVE, issue type, severity, and patch status so operators and search engines can connect the full vulnerability cluster.

Critical CVE-2025-47539 4.0.27 May 07, 2025

CVE-2025-47539 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Privilege Escalation

Eventin <= 4.0.26 - Missing Authorization to Unauthenticated Privilege Escalation

High CVE-2025-4796 4.0.35 Aug 08, 2025

CVE-2025-4796 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Authorization Bypass

Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover

High CVE-2025-39584 4.0.26 Apr 16, 2025

CVE-2025-39584 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Local File Inclusion

Eventin <= 4.0.25 - Authenticated (Contributor+) Local File Inclusion

High CVE-2025-1770 4.0.25 Mar 19, 2025

CVE-2025-1770 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Local File Inclusion

Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.24 - Authenticated (Contributor+) Local File Inclusion

High CVE-2025-26964 4.0.21 Feb 23, 2025

CVE-2025-26964 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Local File Inclusion

Eventin <= 4.0.20 - Authenticated (Contributor+) Local File Inclusion

High CVE-2024-56213 4.0.9 Dec 19, 2024

CVE-2024-56213 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Local File Inclusion

Eventin <= 4.0.7 - Authenticated (Contributor+) Local File Inclusion

High CVE-2024-7149 4.0.9 Sep 26, 2024

CVE-2024-7149 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Local File Inclusion

Event Manager, Events Calendar, Tickets, Registrations – Eventin <= 4.0.8 - Authenticated (Contributor+) Local File Inclusion

High CVE-2025-68047 4.1.4 Jan 22, 2026

CVE-2025-68047 Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) Vulnerability

Eventin <= 4.1.3 - Authenticated (Contributor+) PHP Object Injection

Licensing Notices

This record contains material that is subject to copyright

DEFIANT

License: Defiant hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute this software vulnerability information. Any copy of the software vulnerability information you make for such purposes is authorized provided that you include a hyperlink to this vulnerability record and reproduce Defiant's copyright designation and this license in any such copy. Read more

MITRE

License: CVE Usage: MITRE hereby grants you a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare derivative works of, publicly display, publicly perform, sublicense, and distribute Common Vulnerabilities and Exposures (CVE®). Any copy you make for such purposes is authorized provided that you reproduce MITRE's copyright designation and this license in any such copy. Read more