CVE-2025-2799 in WP Event Manager Plugininfo

Summary

by MITRE • 07/16/2025

The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘tag-name’ parameter in all versions up to, and including, 3.1.49 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level access, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This only affects multi-site installations and installations where unfiltered_html has been disabled.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

Analysis

by VulDB Data Team • 07/16/2025

The vulnerability identified as CVE-2025-2799 affects the WP Event Manager plugin for WordPress, specifically targeting versions up to and including 3.1.49. This represents a critical stored cross-site scripting vulnerability that exploits the 'tag-name' parameter within the plugin's functionality. The flaw exists within the plugin's handling of user input and output rendering processes, creating a persistent security risk that can be exploited by authenticated attackers who possess administrator-level privileges. The vulnerability's impact is particularly concerning because it allows attackers to inject malicious scripts that execute whenever any user accesses pages containing the injected content, making it a significant threat to WordPress site security.

The technical nature of this vulnerability stems from insufficient input sanitization and inadequate output escaping mechanisms within the plugin's codebase. When administrators interact with the plugin's tag management features, the 'tag-name' parameter fails to properly validate or sanitize user-supplied input before storing it in the database. This lack of proper input validation creates a persistent XSS vector where malicious scripts can be stored and executed later when legitimate users access affected pages. The vulnerability operates under CWE-79 which specifically addresses Cross-Site Scripting flaws, and aligns with ATT&CK technique T1566.001 for initial access through malicious content. The flaw's persistence is characteristic of stored XSS attacks where the malicious payload is saved on the server rather than being reflected in a single request.

The operational impact of this vulnerability is severe for affected WordPress installations, particularly those utilizing multi-site configurations where the unfiltered_html capability has been disabled. Attackers with administrator access can leverage this vulnerability to execute arbitrary web scripts that may include malicious payloads designed to steal user credentials, redirect visitors to phishing sites, or establish persistent backdoors within the WordPress environment. The multi-site installation requirement means that a successful exploitation could potentially affect multiple sites within a single WordPress network, amplifying the attack's scope and impact. This vulnerability undermines the security model of WordPress installations by allowing privileged attackers to bypass normal security controls and execute code within the context of other users' browsers.

Organizations affected by this vulnerability should immediately implement mitigation strategies focusing on both immediate remediation and long-term security enhancements. The primary recommendation involves upgrading to the latest version of the WP Event Manager plugin where the XSS vulnerability has been addressed through proper input sanitization and output escaping mechanisms. Additionally, administrators should consider implementing additional security measures such as restricting administrator privileges to only necessary users, implementing content security policies to limit script execution, and conducting regular security audits of installed plugins. The vulnerability also highlights the importance of maintaining current security practices including regular plugin updates, monitoring for suspicious administrative activities, and implementing proper access controls to limit the potential impact of compromised administrator accounts. Organizations should also consider deploying web application firewalls and security monitoring solutions that can detect and prevent exploitation attempts targeting known XSS vulnerabilities in WordPress plugins.

Reservation

03/25/2025

Disclosure

07/16/2025

Moderation

accepted

CPE

ready

EPSS

0.00205

KEV

no

Activities

very low

Sources

Do you know our Splunk app?

Download it now for free!