CVE-2025-5568: CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in magepeopleteam Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin
The WpEvently plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple parameters in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
AI Analysis
Technical Summary
CVE-2025-5568 is a stored Cross-Site Scripting (XSS) vulnerability identified in the WpEvently plugin for WordPress, specifically the Event Manager and Tickets Selling Plugin for WooCommerce developed by magepeopleteam. This vulnerability affects all versions up to and including 4.4.2. The root cause is insufficient input sanitization and output escaping on multiple parameters within the plugin, allowing an attacker with at least Contributor-level privileges to inject arbitrary malicious scripts into web pages generated by the plugin. These scripts are stored persistently and executed whenever any user accesses the compromised page, potentially leading to session hijacking, defacement, or redirection to malicious sites. The vulnerability does not require user interaction beyond visiting the injected page, and no higher privilege than Contributor is necessary, which is a relatively low bar in WordPress environments. The CVSS v3.1 base score is 6.4 (medium severity), reflecting a network attack vector, low attack complexity, privileges required (Contributor-level), no user interaction, and partial impact on confidentiality and integrity with no impact on availability. No known exploits are currently reported in the wild, and no official patches have been linked yet. This vulnerability falls under CWE-79, a common and well-understood web application weakness: input is not neutralized before being used to generate a web page.
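The weakness class described above, as an added illustration in WordPress terms (this is not the plugin's code; the `wpe_venue` form field, `wpe_nonce` field and `wpe_event_venue` meta key are hypothetical names): a Contributor-submitted value stored without sanitization and echoed without escaping, beside the same flow using WordPress's own sanitization and context-specific escaping functions.

```php
<?php
// Added example; hypothetical field and meta-key names, not the plugin's own code.

// Vulnerable pattern (CWE-79): the value is saved as-is and echoed as-is, so a
// Contributor-supplied string ends up verbatim in attribute and element text.
function wpe_save_venue_vulnerable( int $post_id ): void {
    if ( isset( $_POST['wpe_venue'] ) ) {
        update_post_meta( $post_id, 'wpe_event_venue', wp_unslash( $_POST['wpe_venue'] ) );
    }
}
function wpe_render_venue_vulnerable( int $post_id ): void {
    $venue = get_post_meta( $post_id, 'wpe_event_venue', true );
    echo '<span class="venue" title="' . $venue . '">' . $venue . '</span>';
}

// Hardened pattern: sanitize on input, escape on output for the exact HTML context.
function wpe_save_venue_hardened( int $post_id ): void {
    if ( ! isset( $_POST['wpe_venue'] ) ) {
        return;
    }
    // Nonce and capability check: only honour a save the current user actually
    // initiated and is allowed to perform for this post.
    if ( ! isset( $_POST['wpe_nonce'] )
        || ! wp_verify_nonce( sanitize_key( $_POST['wpe_nonce'] ), 'wpe_save_' . $post_id ) ) {
        return;
    }
    if ( ! current_user_can( 'edit_post', $post_id ) ) {
        return;
    }
    // sanitize_text_field() strips tags and stray angle brackets from a plain-text value.
    $venue = sanitize_text_field( wp_unslash( $_POST['wpe_venue'] ) );
    update_post_meta( $post_id, 'wpe_event_venue', $venue );
}
function wpe_render_venue_hardened( int $post_id ): void {
    $venue = (string) get_post_meta( $post_id, 'wpe_event_venue', true );
    // Escaping is chosen per context: esc_attr() inside an attribute value,
    // esc_html() in element text. Stored data is never trusted on output,
    // even when it was sanitized on the way in.
    echo '<span class="venue" title="' . esc_attr( $venue ) . '">' . esc_html( $venue ) . '</span>';
}
```

Input sanitization alone does not close the issue: values stored before a fix, or written through another code path, still reach the page, so the output escaping is the control that actually blocks the stored script.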
Potential Impact
For European organizations using WordPress sites with the WpEvently plugin, this vulnerability poses a significant risk, especially for those managing event registrations and ticket sales online. Exploitation could lead to unauthorized script execution in the context of legitimate users, potentially compromising user credentials, stealing session cookies, or performing unauthorized actions on behalf of users. This could damage organizational reputation, lead to data breaches involving personal or payment information, and disrupt business operations. Since Contributor-level access is sufficient, attackers could leverage compromised or weak user accounts to inject malicious payloads. The impact is heightened for organizations with high traffic or sensitive user data, such as event organizers, cultural institutions, or ticketing platforms. Additionally, the persistent nature of stored XSS means the malicious code remains active until the vulnerability is remediated, increasing exposure time. The lack of available patches at the time of disclosure means organizations must rely on mitigation strategies to reduce risk. Given the widespread use of WooCommerce and WordPress in Europe, the threat could affect a broad range of sectors including entertainment, education, and public services.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the WpEvently plugin and its version. If the plugin is installed, restrict Contributor-level and higher privileges strictly to trusted users to reduce the risk of malicious input. Implement Web Application Firewalls (WAFs) with rules targeting common XSS payloads to provide a protective layer until an official patch is released. Employ Content Security Policy (CSP) headers to limit the execution of unauthorized scripts on affected pages. Regularly monitor logs and user-generated content for suspicious scripts or behavior. Encourage users to report any unusual site behavior. If feasible, temporarily disable or remove the plugin until a security update is available. Additionally, ensure WordPress core and all plugins are kept up to date to minimize exposure to other vulnerabilities. Conduct security awareness training for administrators and content contributors about the risks of XSS and the importance of input validation. Finally, prepare an incident response plan to quickly address any exploitation attempts.
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-06-03T19:26:13.553Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 68443c7f71f4d251b50d005d
Added to database: 6/7/2025, 1:19:59 PM
Last enriched: 7/8/2025, 12:28:17 PM
Last updated: 8/15/2025, 4:54:37 AM