Description
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
Published: 2026-03-13
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Sensitive Data Exposure
Action: Patch Now
AI Analysis

Impact

The vulnerability in the magepeopleteam WpEvently WordPress plugin allows the insertion and subsequent retrieval of sensitive information within data that is transmitted by the plugin. This flaw falls under CWE-201 and directly undermines data confidentiality, potentially exposing private user or system information to unauthorized parties.

Affected Systems

All installations of the WpEvently plugin by magepeopleteam with a version older than 5.1.9 are affected. The CVE notes the range as "from n/a through < 5.1.9", meaning every version prior to 5.1.9 is vulnerable; no specific sub‑versions are listed.

Risk and Exploitability

The CVSS score of 5.3 indicates a medium severity, and the EPSS score of less than 1% suggests a low probability of exploitation at this time. The vulnerability is not listed in the CISA KEV catalog. Exploitation would likely occur via normal plugin usage or interaction with the plugin’s data sending functionality, as the flaw involves data being transmitted with unintended sensitive content. While no public exploits are noted, an attacker who can trigger the data transmission can read the embedded sensitive data.

Generated by OpenCVE AI on March 17, 2026 at 19:24 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WpEvently plugin to version 5.1.9 or later.

Generated by OpenCVE AI on March 17, 2026 at 19:24 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 18:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Magepeopleteam
Magepeopleteam wpevently
Wordpress
Wordpress wordpress
Vendors & Products Magepeopleteam
Magepeopleteam wpevently
Wordpress
Wordpress wordpress

Fri, 13 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
Description Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
Title WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerability
Weaknesses CWE-201
References

Subscriptions

Magepeopleteam Wpevently
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:15:57.692Z

Reserved: 2026-03-12T11:10:47.068Z

Link: CVE-2026-32354

cve-icon Vulnrichment

Updated: 2026-03-17T18:08:29.206Z

cve-icon NVD

Status : Awaiting Analysis

Published: 2026-03-13T19:54:47.590

Modified: 2026-03-17T19:16:02.427

Link: CVE-2026-32354

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T09:59:02Z

Weaknesses