Primary

Context

WordPress WpEvently Plugin Deserialization of Untrusted Data Vulnerability

Vulnerability

A deserialization of untrusted data vulnerability has been identified in the WordPress WpEvently plugin, specifically in versions through 5.0.8. This vulnerability allows object injection, which could be exploited to manipulate the application's logic, potentially leading to a denial-of-service condition or arbitrary code execution. In some cases, it could allow unauthorized access to the admin panel.

Impact

Exploitation of this vulnerability could disrupt website operations, cause a denial-of-service, or allow arbitrary code execution. Additionally, it could be used to gain unauthorized access to the WordPress admin panel.

Remediation

Users of the WpEvently plugin should update to version 5.0.9 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Feb 3, 2026, 3:35 PM

Updated: Feb 3, 2026, 7:52 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

10.0

exploitability

4.2

remediation

0.0

relevance

2.5

threat

0.0

urgency

2.9

incentive

0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WordPress WpEvently Plugin Deserialization of Untrusted Data Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating