PatchSiren cyber security CVE debrief
CVE-2026-45441 Magepeople inc. CVE debrief
CVE-2026-45441 is a HIGH-severity vulnerability (CVSS score of 7.5) affecting WpEvently plugin versions <= 5.3.3. The vulnerability is categorized as an unauthenticated other vulnerability type. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45441) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-45441).
- Vendor
- Magepeople inc.
- Product
- WpEvently
- CVSS
- HIGH 7.5
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of WpEvently plugin versions <= 5.3.3 should be aware of this vulnerability and take necessary actions to mitigate the risk.
Technical summary
The vulnerability has a CVSS vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N, indicating that it can be exploited remotely with low attack complexity and no privileges required. The primary weakness associated with this vulnerability is CWE-1284.
Defensive priority
HIGH
Recommended defensive actions
- Update WpEvently plugin to a version greater than 5.3.3.
- Refer to [ref-4](https://patchstack.com/database/wordpress/plugin/mage-eventpress/vulnerability/wordpress-wpevently-plugin-5-3-3-other-vulnerability-type-vulnerability?_s_id=cve) for mitigation or vendor reference.
Evidence notes
The vendor information is currently unknown, and the canonical source is listed as 'reference_domain_weak' with low confidence.
Official resources
-
CVE-2026-45441 CVE record
CVE.org
-
CVE-2026-45441 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-45441 was published on 2026-06-15T21:17:03.750Z and last modified on 2026-06-15T21:24:32.790Z.