PatchSiren

Magepeople inc. CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH Magepeople inc. CVE published 2026-06-15

CVE-2026-45441

CVE-2026-45441 is a HIGH-severity vulnerability (CVSS score of 7.5) affecting WpEvently plugin versions <= 5.3.3. The vulnerability is categorized as an unauthenticated other vulnerability type. The CVE was published on [cvePublishedAt](https://www.cve.org/CVERecord?id=CVE-2026-45441) and last modified on [cveModifiedAt](https://nvd.nist.gov/vuln/detail/CVE-2026-45441).

HIGH Magepeople inc. CVE published 2026-06-15

CVE-2026-27089

CVE-2026-27089 is a HIGH severity vulnerability (CVSS Score: 7.5) in the WpTravelly plugin versions <= 2.1.7. The vulnerability is described as an unauthenticated bypass vulnerability. The CVE was published on 2026-06-15T21:16:40.767Z and last modified on 2026-06-15T21:24:32.790Z. The vendor and product information is not confirmed, but there is a reference to Patchstack as a potential source.

MEDIUM Magepeople inc. CVE published 2026-06-11

CVE-2024-32110

A Cross-Site Request Forgery (CSRF) vulnerability was discovered in the WpEvently plugin, affecting versions from n/a through 4.1.2. This vulnerability has been assigned a CVSS score of 4.3, indicating a medium severity level.

MEDIUM Magepeople inc. CVE published 2026-05-26

CVE-2026-27331

A Missing Authorization vulnerability in the WpTravelly WordPress plugin (versions through 2.1.5) allows authenticated attackers to exploit incorrectly configured access control security levels. The vulnerability is classified as CWE-862 (Missing Authorization) with a CVSS 3.1 score of 6.3 (MEDIUM severity). The affected product is WpTravelly, a tour booking manager plugin published by Magepeople inc. The [truncated]

MEDIUM Magepeople inc. CVE published 2026-05-26

CVE-2026-25444

A Missing Authorization vulnerability in the WpBookingly WordPress plugin (versions through 1.2.9) allows authenticated attackers with low privileges to exploit incorrectly configured access control security levels. The vulnerability, classified as CWE-862, was published to the NVD on May 26, 2026, and carries a CVSS 3.1 score of 4.3 (Medium severity). The issue affects the service-booking-manager plugin [truncated]

MEDIUM Magepeople inc. CVE published 2026-05-26

CVE-2026-25426

A Missing Authorization vulnerability (CWE-862) in the Taxi Booking Manager for WooCommerce WordPress plugin allows exploitation of incorrectly configured access control security levels. The vulnerability affects versions from n/a through 2.0.1. The issue was published to the CVE List on 2026-05-26 and carries a CVSS 3.1 score of 5.3 (MEDIUM severity). The vulnerability is characterized by broken access c [truncated]

MEDIUM Magepeople inc. CVE published 2026-05-20

CVE-2026-27405

CVE-2026-27405 is a missing authorization / broken access control issue in the WpBookingly WordPress plugin, affecting versions through 1.2.9. The CVE was published on 2026-05-20 and carries a CVSS 3.1 score of 6.5 (Medium). Based on the provided CVSS vector, exploitation requires elevated privileges, but successful abuse can impact both integrity and availability. This is not listed as a known CISA KEV i [truncated]