Unauthenticated Vulnerability in WpEvently Plugin by WordPress
CVE-2026-45441

7.5HIGH

Key Information:

Vendor

WordPress

Status
Vendor
CVE Published:
15 June 2026

What is CVE-2026-45441?

The WpEvently plugin, used in WordPress environments, contains an unauthenticated vulnerability allowing unauthorized access to sensitive functionalities. This issue affects versions up to 5.3.3 and may lead to exploitation if not addressed. Site administrators are advised to review their current plugin version and take appropriate action to mitigate potential risks.

Affected Version(s)

WpEvently <= 5.3.3

References

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
High
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

dodoh4t | Patchstack Bug Bounty Program
.