CSRF Vulnerability in WpEvently by Magepeople Inc.
CVE-2024-32110

4.3MEDIUM

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
11 June 2026

What is CVE-2024-32110?

A Cross-Site Request Forgery (CSRF) vulnerability has been identified in Magepeople Inc.'s WpEvently, allowing attackers to perform unauthorized actions on behalf of authenticated users without their consent. This issue affects all versions from n/a through 4.1.2, posing a significant risk to websites utilizing this plugin. Website administrators are advised to review and implement necessary security measures to mitigate this risk.

Affected Version(s)

WpEvently <= 4.1.2

References

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Dhabaleshwar Das | Patchstack Bug Bounty Program
.