Browse all 4 CVE security advisories affecting Event Espresso. AI-powered Chinese analysis, POCs, and references for each vulnerability.
Event Espresso is a WordPress plugin for managing event registration and ticketing. Historically, it has faced vulnerabilities including remote code execution, cross-site scripting, and privilege escalation, with four CVEs recorded. Security issues have often stemmed from insufficient input validation and improper access controls. The plugin's integration with WordPress and payment processing systems creates multiple attack surfaces. While no major public security incidents have been widely documented, the consistent pattern of vulnerabilities suggests ongoing security challenges for users implementing this event management solution.
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-68007 | WordPress Event Espresso 4 Decaf plugin <= 5.0.37.decaf - Settings Change vulnerability — Event Espresso 4 DecafCWE-862 | 6.5 | Medium | 2026-01-22 |
| CVE-2024-56251 | WordPress Event Espresso plugin <= 5.0.28.decaf - Cross Site Request Forgery (CSRF) vulnerability — Event Espresso 4 DecafCWE-352 | 4.3 | Medium | 2025-01-02 |
| CVE-2023-27437 | WordPress Event Espresso 4 Decaf plugin <= 4.10.44.decaf - Bypass vulnerability — Event Espresso 4 DecafCWE-862 | 3.7 | Low | 2024-06-03 |
| CVE-2017-1002026 | WordPress Event Expresso Free SQL注入漏洞 — Event Expresso Free | 9.8 | - | 2017-09-14 |
This page lists every published CVE security advisory associated with Event Espresso. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.