CVE-2025-48116
WordPress EventON <= 2.4.4 - Broken Access Control VulnerabilityMissing Authorization vulnerability in Ashan Perera EventON allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects EventON: from n/a through 2.4.4.
We have discovered 2,913 live websites that are affected by CVE-2025-48116.
Affected Software
| Product |  Eventon Lite |
| Category | Wordpress Plugins |
| Vulnerable Domains | 2,913 live websites (31.46% of Eventon Lite install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 68 versions ( 59.13% of all versions) |
Common Weakness Enumeration
CWE-862 Missing AuthorizationDetails
- Published - May 16, 2025
- Updated - May 16, 2025
Credits
- astra.r3verii (Patchstack Alliance) (finder)
CWE
CVE References
CWE References
CVE-2025-48116 usage by Country
 United States | 920 websites |
 Germany | 483 websites |
 France | 296 websites |
 Italy | 136 websites |
 Netherlands | 113 websites |
 GB | 104 websites |
 Spain | 86 websites |
 Switzerland | 59 websites |
 Denmark | 52 websites |
 Canada | 48 websites |
CVE-2025-48116 usage by TLD
| .com | 901 websites |
| .org | 324 websites |
| .de | 320 websites |
| .fr | 122 websites |
| .nl | 117 websites |
| .it | 108 websites |
| .co.uk | 71 websites |
| .ch | 51 websites |
| .net | 48 websites |
| .com.br | 44 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2025-48116
Top websites that are affected by CVE-2025-48116. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| *********************.org | United States | **,*** | |
| *******.org | United States | **,*** | |
| *********.org | United States | **,*** | |
| ********.com | United States | **,*** | |
| ************.hu |  Hungary | **,*** | |
| *******.com | United States | ***,*** | |
| ********************.ca | United States | ***,*** | |
| ********************.***.mx | United States | ***,*** | |
| ****************.in |  Cyprus | ***,*** | |
| ********.com | United States | ***,*** |
FAQ
CVE-2025-48116 is Missing Authorization in Eventon Lite
A total of 2,913 websites have been identified as vulnerable to CVE-2025-48116, based on global website indexing conducted by WebTechSurvey.
The Eventon Lite is affected by the CVE-2025-48116 vulnerability.
Eventon Lite versions up to and including 2.4.4 are vulnerable to CVE-2025-48116.