cleantalk
Vulnerabilities and Security Researches

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce, CVE-2025-2800

CVE, Research URL

CVE-2025-2800

Home page URL

Security reports for WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce

Application

WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce

Published on
Jul 16, 2025
Research Description
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘organizer_name' parameter in all versions up to, and including, 3.1.50 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 3.1.51.
Status
vulnerable
Previous vulnerability researches
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2025-2800) , Jul 19, 2025
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2023-4423) , Jun 07, 2024
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2021-24810) , Jun 07, 2024
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2023-47697) , Jun 07, 2024
WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce (CVE-2022-1474) , Jun 07, 2024
New vulnerability
Attachment Manager (CVE-2025-7643) , Jul 19, 2025
B1.lt (CVE-2025-6718) , Jul 19, 2025
B1.lt (CVE-2025-6717) , Jul 19, 2025
Widget for Google Reviews (CVE-2025-53565) , Jul 19, 2025
Appointment & Event Booking Calendar Plugin – Webba Booking (CVE-2025-54036) , Jul 19, 2025