CVE-2025-30831: 
WordPress vulnerability analysis and mitigation

A Local File Inclusion vulnerability was discovered in the Themify Event Post WordPress plugin affecting versions through 1.3.2. The vulnerability was assigned CVE-2025-30831 and was disclosed on March 27, 2025. This security issue affects the plugin's file inclusion functionality and requires Contributor or higher level privileges to exploit (Patchstack).

The vulnerability is classified as an Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') with a CVSS v3.1 base score of 7.5 (High). The vulnerability is tracked under CWE-98 and requires low privilege access with high attack complexity. The attack vector is network-accessible and can potentially impact confidentiality, integrity, and availability of the system (NVD).

The vulnerability could allow a malicious actor to include local files of the target website and display their contents. This could potentially expose sensitive information such as database credentials, which depending on the configuration, could lead to complete database compromise (Patchstack).

The vulnerability has been patched in version 1.3.3 of the Themify Event Post plugin. Users are advised to update to version 1.3.3 or later to remediate the security issue (Patchstack).