Stored Cross-Site Scripting Vulnerability in WpEvently Plugin for WordPress
CVE-2025-5568

5.4MEDIUM

Key Information:

Vendor

WordPress
Status
Event Manager And Tickets Selling Plugin For WooCommerce – WPevently – WordPress Plugin
Vendor
CVE Published:
7 June 2025

What is CVE-2025-5568?

The WpEvently plugin for WordPress suffers from a Stored Cross-Site Scripting vulnerability. This issue arises from inadequate input sanitization and insufficient output escaping across multiple parameters in all versions up to 4.4.2. Authenticated attackers with Contributor-level access or higher can exploit this vulnerability to inject malicious web scripts. Such scripts can execute whenever a user accesses an affected page, potentially compromising user data and the integrity of the site.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin * <= 4.4.2

References

https://www.wordfence.com/threat-intel/vulnerabilities/id...
https://wordpress.org/plugins/mage-eventpress/#developers
https://github.com/magepeopleteam/mage-eventpress/commit/...

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

Siavash Vaez Afshar
JSON
.