A serious security flaw has been found in the Eventin plugin for WordPress, potentially exposing over 10,000 sites to cyberattacks. The flaw allowed any unauthenticated user to gain administrative access to a site. Patchstack Alliance community member Denver Jackson discovered the flaw, which resided in the plugin’s REST API and was caused by a lack of permission checks. Eventin has since addressed the vulnerability in version 4.0.27.

VMware ESXi, Firefox, Red Hat Linux & SharePoint 0-Day Vulnerabilities Exploited
During Pwn2Own Berlin 2025, researchers exposed critical zero-day vulnerabilities in major platforms like VMware ESXi and Microsoft SharePoint, earning $435,000 in bounties. Notably, Nguyen Hoang