The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 du

WORDPRESS

07-06-2025 09:20

CVE-2025-5568 Vulnerabilidad documentada

Sin puntuación

Tags

#wordpress

#site

#plugin

#cross

#wp

#web

#cross-site

#cross-site scripting

#attackers

#authenticated

#arbitrary

#vulnerable

#scripting

#inject

#execute

#attack

#access

Descripción

The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due insufficient input sanitization output escaping. This makes it possible authenticated attackers, with Contributor-level access above, inject arbitrary web scripts pages that will execute whenever a user accesses an injected page.

https://github.com/magepeopleteam/mage-eventpress/commit/c6f8d3233087881d3eb7ed3ebe9a6ebc7795f144

https://plugins.trac.wordpress.org/changeset/3307484

https://wordpress.org/plugins/mage-eventpress/#developers

https://www.wordfence.com/threat-intel/vulnerabilities/id/a3659c4d-3a19-4f74-9f6d-26d7b24ebe56?source=cve

Referencia

Link externo

Ver detalles

Fuente

https://nvd.nist.gov/vuln/detail/CVE-2025-5568

Resultados similares

Coincidentes en almenos en 50% de los tags

07-06-2025 CVE-2025-5528
The Social Sharing Plugin – Sassy Social Share plugin for WordPress is vulnerable to Reflecte...
Ver información

07-06-2025 CVE-2024-9994
The Essential Addons for Elementor – Best Elementor Addon, Templates, Widgets, Kits & WooComm...
Ver información