cleantalk
Vulnerabilities and Security Researches

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin, CVE-2025-5568

CVE, Research URL

CVE-2025-5568

Home page URL

Security reports for Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Application

Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin

Published on
Jun 07, 2025
Research Description
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 4.4.3.
Status
vulnerable
Previous vulnerability researches
GamiPress – Link (CVE-2024-5536) , Jun 07, 2024
New vulnerability
Drag and Drop Multiple File Upload – Contact Form 7 (CVE-2025-3515) , Jun 18, 2025
Poll, Survey & Quiz Maker Plugin by Opinion Stage (CVE-2025-3880) , Jun 18, 2025
FW Food Menu – Responsive food menu with ordering & delivery solutions (CVE-2025-49447) , Jun 18, 2025
Simple Logo Carousel (CVE-2025-5700) , Jun 18, 2025
Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin (CVE-2025-5568) , Jun 17, 2025