Skip to main content

Wpevently

4 CVEs product

Monthly

CVE-2026-45441 HIGH This Week

Unauthenticated integrity compromise in the WpEvently WordPress plugin (versions 5.3.3 and earlier) by MagePeople allows remote attackers to alter application data over the network without privileges or user interaction. The vendor-supplied description is a Patchstack placeholder ('Other Vulnerability Type') and does not identify the specific endpoint or function, but the CVSS vector indicates high integrity impact with no confidentiality or availability impact. No public exploit identified at time of analysis.

Information Disclosure Wpevently
NVD
CVSS 3.1
7.5
EPSS
0.3%
CVE-2024-32110 MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpevently
NVD VulDB
CVSS 3.1
4.3
EPSS
0.0%
CVE-2026-25361 HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WpEvently WordPress plugin (mage-eventpress) affecting versions up to and including 5.1.4, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. No CVSS score or EPSS data is currently available, but the Patchstack reporting and EUVD tracking indicate this is a documented and confirmed vulnerability requiring prompt patching.

XSS Wpevently
NVD VulDB
CVSS 3.1
7.1
EPSS
0.0%
CVE-2026-32354 MEDIUM PATCH This Month

WpEvently versions prior to 5.1.9 inadvertently expose sensitive information in transmitted data, allowing unauthenticated remote attackers to retrieve embedded secrets without user interaction. This information disclosure vulnerability affects the mage-eventpress plugin and could enable attackers to obtain credentials or other confidential data. No patch is currently available.

Information Disclosure Wpevently
NVD VulDB
CVSS 3.1
5.3
EPSS
0.0%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated integrity compromise in the WpEvently WordPress plugin (versions 5.3.3 and earlier) by MagePeople allows remote attackers to alter application data over the network without privileges or user interaction. The vendor-supplied description is a Patchstack placeholder ('Other Vulnerability Type') and does not identify the specific endpoint or function, but the CVSS vector indicates high integrity impact with no confidentiality or availability impact. No public exploit identified at time of analysis.

Information Disclosure Wpevently
NVD
EPSS 0% CVSS 4.3
MEDIUM This Month

Cross-Site request forgery (CSRF) vulnerability in Magepeople inc. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

CSRF Wpevently
NVD VulDB
EPSS 0% CVSS 7.1
HIGH This Week

A Reflected Cross-Site Scripting (XSS) vulnerability exists in the WpEvently WordPress plugin (mage-eventpress) affecting versions up to and including 5.1.4, allowing attackers to inject malicious scripts that execute in users' browsers when they visit crafted URLs. The vulnerability stems from improper neutralization of user input during web page generation (CWE-79), enabling attackers to steal session cookies, perform unauthorized actions, or redirect users to malicious sites. No CVSS score or EPSS data is currently available, but the Patchstack reporting and EUVD tracking indicate this is a documented and confirmed vulnerability requiring prompt patching.

XSS Wpevently
NVD VulDB
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

WpEvently versions prior to 5.1.9 inadvertently expose sensitive information in transmitted data, allowing unauthenticated remote attackers to retrieve embedded secrets without user interaction. This information disclosure vulnerability affects the mage-eventpress plugin and could enable attackers to obtain credentials or other confidential data. No patch is currently available.

Information Disclosure Wpevently
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy