Wpevently
Monthly
Unauthenticated integrity compromise in the WpEvently WordPress plugin (versions 5.3.3 and earlier) by MagePeople allows remote attackers to alter application data over the network without privileges or user interaction. The vendor-supplied description is a Patchstack placeholder ('Other Vulnerability Type') and does not identify the specific endpoint or function, but the CVSS vector indicates high integrity impact with no confidentiality or availability impact. No public exploit identified at time of analysis.
Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WpEvently WordPress plugin (mage-eventpress) affecting versions up to and including 5.1.4, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. No CVSS score or EPSS data is currently available, but the Patchstack reporting and EUVD tracking indicate this is a documented and confirmed vulnerability requiring prompt patching.
WpEvently versions prior to 5.1.9 inadvertently expose sensitive information in transmitted data, allowing unauthenticated remote attackers to retrieve embedded secrets without user interaction. This information disclosure vulnerability affects the mage-eventpress plugin and could enable attackers to obtain credentials or other confidential data. No patch is currently available.
Unauthenticated integrity compromise in the WpEvently WordPress plugin (versions 5.3.3 and earlier) by MagePeople allows remote attackers to alter application data over the network without privileges or user interaction. The vendor-supplied description is a Patchstack placeholder ('Other Vulnerability Type') and does not identify the specific endpoint or function, but the CVSS vector indicates high integrity impact with no confidentiality or availability impact. No public exploit identified at time of analysis.
Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WpEvently WordPress plugin (mage-eventpress) affecting versions up to and including 5.1.4, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. No CVSS score or EPSS data is currently available, but the Patchstack reporting and EUVD tracking indicate this is a documented and confirmed vulnerability requiring prompt patching.
WpEvently versions prior to 5.1.9 inadvertently expose sensitive information in transmitted data, allowing unauthenticated remote attackers to retrieve embedded secrets without user interaction. This information disclosure vulnerability affects the mage-eventpress plugin and could enable attackers to obtain credentials or other confidential data. No patch is currently available.