The vulnerability CVE-2025-54742 affects the magepeopleteam WpEvently plugin for WordPress, specifically versions up to and including 4.4.8. It involves deserialization of untrusted data, which allows an attacker to perform object injection. This can lead to remote code execution or other severe impacts on the system. The CVSS v3.1 score is 8.8, indicating high severity, with attack vector network, low attack complexity, low privileges required, no user interaction, and full impact on confidentiality, integrity, and availability. No official patch or vendor advisory is currently available.

Successful exploitation of this vulnerability can lead to full compromise of the affected system, including unauthorized disclosure of information, modification of data, and disruption of service. Given the high CVSS score and the nature of object injection via deserialization, attackers may execute arbitrary code or commands on the server hosting the vulnerable plugin.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider disabling or removing the WpEvently plugin if feasible, or applying any available temporary mitigations recommended by the vendor. Monitor official channels for updates and apply patches promptly once available.