Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

wpeventmanager — Vulnerabilities & Security Advisories 6

Browse all 6 CVE security advisories affecting wpeventmanager. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Wpeventmanager is a WordPress plugin designed for event management and registration. Historically, it has been susceptible to multiple security vulnerabilities including remote code execution, cross-site scripting, and privilege escalation. The plugin's six recorded CVEs highlight recurring issues such as insufficient input validation and improper access controls. Notable security characteristics include its integration with WordPress core functionality, which can amplify potential impacts. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities suggests a need for careful implementation and regular updates. Users should maintain current versions and implement least privilege principles to mitigate risks associated with this plugin.

Top products by wpeventmanager: WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce WP User Profile Avatar
CVE IDTitleCVSSSeverityPublished
CVE-2025-2800 WP Event Manager <= 3.1.50 - Unauthenticated Stored Cross-Site Scripting via 'organizer_name' — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 7.2 High2025-07-16
CVE-2025-2799 WP Event Manager <= 3.1.49 - Authenticated (Administrator+) Stored Cross-Site Scripting — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 4.4 Medium2025-07-16
CVE-2024-10789 WP User Profile Avatar <= 1.0.5 - Cross-Site Request Forgery to Settings Update — WP User Profile AvatarCWE-352 4.3 Medium2025-01-16
CVE-2024-2691 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.43 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'events' Shortcode — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 6.4 Medium2024-07-16
CVE-2024-0976 WP Event Manager <= 3.1.41 - Reflected Cross-Site Scripting via plugin — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 6.1 Medium2024-03-13
CVE-2023-4423 WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce <= 3.1.37.1 - Authenticated (Admin+) Stored Cross-Site Scripting — WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerceCWE-79 4.4 Medium2023-09-27

This page lists every published CVE security advisory associated with wpeventmanager. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.