cbcvebase.

Wpminds Simple Wp Events vulnerabilities

4 known vulnerabilities affecting wpminds/simple_wp_events.

Total CVEs
4
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2MEDIUM1

Vulnerabilities

Page 1 of 1
CVE-2025-2004P2CRITICALCVSS 9.1≤ 1.8.172025-04-08
CVE-2025-2004 [CRITICAL] CWE-73 CVE-2025-2004: The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficie The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpe_delete_file AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when t
nvd
CVE-2025-32509P3HIGHCVSS 7.5≤ 1.8.172025-04-11
CVE-2025-32509 [HIGH] CWE-22 CVE-2025-32509: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMi Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WPMinds Simple WP Events simple-wp-events allows Path Traversal.This issue affects Simple WP Events: from n/a through <= 1.8.17.
nvd
CVE-2025-32594P3HIGHCVSS 7.5≤ 1.8.172025-04-17
CVE-2025-32594 [HIGH] CWE-201 CVE-2025-32594: Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-w Insertion of Sensitive Information Into Sent Data vulnerability in WPMinds Simple WP Events simple-wp-events allows Retrieve Embedded Sensitive Data.This issue affects Simple WP Events: from n/a through <= 1.8.17.
nvd
CVE-2025-32193P4MEDIUMCVSS 6.5≤ 1.8.172025-04-04
CVE-2025-32193 [MEDIUM] CWE-79 CVE-2025-32193: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability i Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WPMinds Simple WP Events simple-wp-events allows Stored XSS.This issue affects Simple WP Events: from n/a through <= 1.8.17.
nvd
Wpminds Simple Wp Events vulnerabilities | cvebase