A severe privilege escalation vulnerability has been discovered in the popular WordPress plugin Eventin, putting more than 10,000 websites at risk of complete compromise.
The vulnerability, now tracked as CVE-2025-47539, allows unauthenticated attackers to create administrator accounts without any user interaction, giving them full control over affected websites.
https://cybersecuritynews.com/critical- ... erability/