CVE-2025-2799

4.4 MEDIUM

📋 TL;DR

This stored XSS vulnerability in the WP Event Manager plugin allows authenticated administrators to inject malicious scripts into WordPress pages. The injected scripts execute when users visit affected pages, potentially compromising their sessions or browsers. Only multi-site WordPress installations and sites with unfiltered_html disabled are affected.

💻 Affected Systems

Products:
  • WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce
Versions: All versions up to and including 3.1.49
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only affects WordPress multi-site installations and installations where unfiltered_html capability is disabled.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Administrator account compromise leads to site takeover, data theft, malware distribution to visitors, and complete loss of site integrity.

🟠 Likely Case

Malicious administrator injects tracking scripts, defaces pages, or steals visitor session cookies.

🟢 If Mitigated

Limited to administrators who already have high privileges, with impact contained to specific pages.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Requires administrator-level access. Exploitation is straightforward once authenticated.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.1.50

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3309197/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the WP Event Manager plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.1.50+ from the WordPress repository and update manually.

🔧 Temporary Workarounds

Enable unfiltered_html capability (applies to: all)

Enable the unfiltered_html capability for administrators to bypass the vulnerability condition.

Add to wp-config.php: define('DISALLOW_UNFILTERED_HTML', false);

Remove administrator access (applies to: all)

Temporarily revoke administrator privileges from untrusted users.

Use WordPress user management to change roles to Editor or lower.

🧯 If You Can't Patch

  • Implement strict access controls and monitor administrator activities
  • Deploy web application firewall with XSS protection rules

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → WP Event Manager version. If version ≤ 3.1.49 and site is multi-site or has unfiltered_html disabled, you are vulnerable.

Check Version:

wp plugin list --name=wp-event-manager --field=version

(The --name filter takes the plugin slug as installed under wp-content/plugins, not the display title; the slug is assumed here to be wp-event-manager, matching the plugin's WordPress.org listing.)

Verify Fix Applied:

Confirm plugin version is 3.1.50 or higher in WordPress admin panel.
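The version check above is easy to get wrong with a string comparison ("3.1.9" sorts after "3.1.50" as text). The following is an added example, not code from the page or from the plugin's authors: it parses the JSON output of `wp plugin list --format=json` (a constructed sample is embedded), compares the installed version numerically against 3.1.50, and applies the advisory's precondition (multisite, or unfiltered_html disabled). The plugin slug `wp-event-manager` and the two boolean inputs are assumptions supplied by the caller.

```python
import json
import re

PLUGIN_SLUG = 'wp-event-manager'   # assumed wordpress.org slug of the plugin
PATCHED_VERSION = (3, 1, 50)        # first fixed release per the advisory


def parse_version(version):
    """Turn '3.1.49' into (3, 1, 49) so tuple comparison orders releases numerically."""
    return tuple(int(part) for part in re.findall(r'\d+', version))


def is_vulnerable(version, multisite, unfiltered_html_enabled):
    """Vulnerable only below 3.1.50 and only when the advisory's precondition holds:
    the site is multisite, or the unfiltered_html capability is disabled."""
    precondition = multisite or not unfiltered_html_enabled
    return parse_version(version) < PATCHED_VERSION and precondition


def assess_from_wp_cli(plugin_list_json, multisite, unfiltered_html_enabled):
    """plugin_list_json is the text printed by `wp plugin list --format=json`."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get('name') == PLUGIN_SLUG:
            version = plugin['version']
            return {
                'installed': True,
                'version': version,
                'vulnerable': is_vulnerable(version, multisite, unfiltered_html_enabled),
            }
    return {'installed': False, 'version': None, 'vulnerable': False}


# Constructed sample of `wp plugin list --format=json` output (not from a real site).
SAMPLE_PLUGIN_LIST = json.dumps([
    {"name": "akismet", "status": "inactive", "update": "none", "version": "5.3"},
    {"name": "wp-event-manager", "status": "active", "update": "available", "version": "3.1.49"},
])

if __name__ == '__main__':
    print(assess_from_wp_cli(SAMPLE_PLUGIN_LIST, multisite=False, unfiltered_html_enabled=False))
```

On a live site the two booleans can be taken from WP-CLI: `wp core is-installed --network` exits 0 on a multisite install, and `wp cap list administrator | grep -x unfiltered_html` shows whether administrators hold the capability.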

📡 Detection & Monitoring

Log Indicators:

  • Unusual administrator activity modifying event tags
  • POST requests to event manager endpoints with script tags in parameters

Network Indicators:

  • Inbound requests containing script payloads in tag-name parameter

SIEM Query:

source="wordpress.log" AND "tag-name" AND ("<script>" OR "javascript:")
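The SIEM query above matches literal `<script>` and `javascript:` strings, which misses URL-encoded payloads. As an added example (not from the page or the plugin), the following parses combined-format access-log lines, extracts the `tag-name` query parameter, decodes it twice (so double-encoded payloads are caught), and flags the same markers the query looks for, plus inline event handlers. The log lines, IP addresses and admin paths are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Constructed sample access-log lines in combined-log style (not from a real site).
# The /wp-admin paths are generic WordPress admin endpoints used only for illustration.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2025:10:00:01 +0000] "POST /wp-admin/edit-tags.php?tag-name=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 512
203.0.113.5 - - [01/Apr/2025:10:00:02 +0000] "GET /wp-admin/edit-tags.php?taxonomy=category HTTP/1.1" 200 2048
198.51.100.7 - - [01/Apr/2025:10:01:00 +0000] "POST /wp-admin/edit-tags.php?tag-name=javascript:void(0) HTTP/1.1" 302 0
198.51.100.9 - - [01/Apr/2025:10:02:00 +0000] "GET /events/?tag-name=conference HTTP/1.1" 200 4096
198.51.100.7 - - [01/Apr/2025:10:03:00 +0000] "POST /wp-admin/edit-tags.php?tag-name=%253Cscript%253Esrc%253Dx HTTP/1.1" 302 0
"""

# Combined log format: client, identity, user, [timestamp], "METHOD target protocol", status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# The markers from the page's SIEM query, plus inline event handlers such as onerror=.
SCRIPT_MARKERS = re.compile(r'<\s*script|javascript:|\bon[a-z]+\s*=', re.I)


def suspicious_tag_name_requests(log_text):
    """Return one record per request whose tag-name parameter carries a script marker."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        params = parse_qs(urlsplit(m['target']).query, keep_blank_values=True)
        for raw in params.get('tag-name', []):
            # parse_qs already decoded once; a second decode exposes double-encoded payloads
            value = unquote_plus(raw)
            if SCRIPT_MARKERS.search(value):
                hits.append({
                    'ip': m['ip'],
                    'timestamp': m['ts'],
                    'method': m['method'],
                    'value': value,
                })
    return hits


if __name__ == '__main__':
    for hit in suspicious_tag_name_requests(SAMPLE_LOG):
        print(hit)
```

Note that web-server access logs record only the query string; a `tag-name` value submitted in a POST body never appears there, so this check needs a log source that captures request bodies (a WAF or application-level log) to cover the POST case the Log Indicators list describes.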
