Description
Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
Published: 2026-06-15
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is an unauthenticated Other Vulnerability Type in the WordPress WpEvently plugin through version 5.3.3. The issue is defined as a vulnerability that can be triggered without any prior authentication and is catalogued as CWE‑1284. The reported CVSS score of 7.5 signals a high severity, indicating that a successful exploitation could lead to unintended functionality or data exposure, though the exact impact is not explicitly detailed in the description.

Affected Systems

All instances of the WordPress WpEvently plugin purchased from Magepeople inc. that are running any version up to 5.3.3 are affected. No other vendors or products are listed in the CNA data for this CVE.

Risk and Exploitability

The CVSS score places this flaw in the high‑severity range, but the EPSS score of less than 1% suggests that, as of the data available, tools and malware are unlikely to be actively exploiting it yet. The vulnerability is not referenced in the CISA KEV catalog. Based on the description, the likely attack vector is through unauthenticated web requests to the plugin’s exposed endpoints, allowing an external actor to exploit the flaw without needing to authenticate to the WordPress site.

Generated by OpenCVE AI on June 16, 2026 at 23:15 UTC.

Remediation

Vendor Solution

Update the WordPress WpEvently Plugin to the latest available version (at least 5.3.4).

OpenCVE Recommended Actions

  • Update the WpEvently plugin to the latest version (at least 5.3.4).
  • If a patch cannot be applied immediately, temporarily disable or delete the plugin to eliminate the attack surface.
  • Continuously monitor the web application and server logs for abnormal requests that target the plugin’s URLs.

Generated by OpenCVE AI on June 16, 2026 at 23:15 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Tue, 16 Jun 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 15 Jun 2026 20:30:00 +0000

Type Values Removed Values Added
Description Unauthenticated Other Vulnerability Type in WpEvently <= 5.3.3 versions.
Title WordPress WpEvently plugin <= 5.3.3 - Other Vulnerability Type vulnerability
Weaknesses CWE-1284
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-06-16T14:37:21.093Z

Reserved: 2026-05-12T13:08:41.670Z

Link: CVE-2026-45441

cve-icon Vulnrichment

Updated: 2026-06-16T14:37:16.972Z

cve-icon NVD

Status : Deferred

Published: 2026-06-15T21:17:03.750

Modified: 2026-06-15T21:24:32.790

Link: CVE-2026-45441

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-16T23:30:15Z

Weaknesses
  • CWE-1284

    Improper Validation of Specified Quantity in Input