CVE-2025-0959
Eventer - WordPress Event & Booking Manager Plugin <= 3.9.9.2 - Authenticated (Subscriber+) SQL Injection via reg_idThe Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_id parameter in all versions up to, and including, 3.9.9.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.
We have discovered 129 live websites that are affected by CVE-2025-0959.
Affected Software
| Product |  Eventer |
| Category | Wordpress Plugins |
| Vulnerable Domains | 129 live websites (100% of Eventer install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 0 versions ( less than 0.1% of all versions) |
Common Weakness Enumeration
CWE-564 SQL Injection: HibernateDetails
- Published - Mar 7, 2025
- Updated - Mar 7, 2025
Credits
- Lucio Sá (finder)
CVE References
CWE References
CWE
Website Distribution by Country
Number of websites using CVE-2025-0959 United States | 49 websites |
 GB | 11 websites |
 Germany | 10 websites |
 Canada | 8 websites |
 Netherlands | 8 websites |
 France | 7 websites |
 Italy | 5 websites |
 Cyprus | 4 websites |
 Belgium | 3 websites |
 Spain | 3 websites |
Website Distribution by TLD
Number of websites using CVE-2025-0959| .org | 35 websites |
| .com | 31 websites |
| .nl | 8 websites |
| .ca | 5 websites |
| .de | 5 websites |
| .it | 5 websites |
| .co.uk | 4 websites |
| .fr | 4 websites |
| .be | 3 websites |
| .es | 2 websites |
Websites affected by CVE-2025-0959
Top websites that are affected by CVE-2025-0959. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *************.org | United States | ***,*** | |
| ****.org | GB | ***,*** | |
| ************.org | United States | *,***,*** | |
| *************.edu | Canada | *,***,*** | |
| **********.be | Belgium | *,***,*** | |
| *********.de | Germany | *,***,*** | |
| ********.org | United States | *,***,*** | |
| *****.org | United States | *,***,*** | |
| *****************.nl | Netherlands | *,***,*** | |
| ***********.org |  Vietnam | *,***,*** |
FAQ
CVE-2025-0959 is SQL Injection: Hibernate in Eventer
A total of 129 websites have been identified as vulnerable to CVE-2025-0959, based on global website indexing conducted by WebTechSurvey.
The Eventer is affected by the CVE-2025-0959 vulnerability.
Eventer versions up to and including 3.9.9.2 are vulnerable to CVE-2025-0959.