CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

June 26, 2025

CVE ID : CVE-2025-5540

Published : June 26, 2025, 2:15 a.m. | 2 hours, 52 minutes ago

Description : The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin’s ’emd_mb_meta’ shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5559 – WordPress TimeZoneCalculator Stored Cross-Site Scripting Vulnerability

Next Article CVE-2025-4334 – WordPress Simple User Registration Privilege Escalation Vulnerability

tRPC vs GraphQL vs REST: Choosing the right API design for modern web applications

Jakarta EE 11 Platform launches with modernized Test Compatibility Kit framework

Can Good UX Protect Older Users From Digital Scams?

Warp 2.0 evolves terminal experience into an Agentic Development Environment

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

OpenAI’s Sam Altman breaks silence on Microsoft feud with Satya Nadella — citing “points of tension” amid evolution plans

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Are Semantic Layers Sexy Again? or The Rise and Fall and Rise of Semantic Layers

Salesforce Marketing Cloud Engagement vs. Oracle Eloqua

Exploring Lucidworks Fusion and Coveo Using Apache Solr

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

Microsoft Copilot secures a spot in classrooms as a “thought partner” — with Copilot Chat backed by OpenAI’s GPT-4o

OpenAI started as a “countervailing force” to Google — did Elon Musk and Sam Altman torpedo DeepMind’s plans to dictate AGI?

Gears of War: Reloaded preorders — where to buy and everything you need to know

CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

CVE-2025-36038: Critical RCE Vulnerability Discovered in IBM WebSphere Application Server

Cisco ISE Vulnerabilities June 2025

EcoFlow’s newest portable A/C aims to save the day – but will it deliver?

Is your Microsoft account passwordless yet? Why it (probably) should be and how to do it right

Google Drops Cookie Prompt in Chrome, Adds IP Protection to Incognito

Develop Frontend Without a Backend Using Mock Service Worker

Google Helps Devs Build Safe Android Apps with THIS Play Policy – Find Out More Here

CVE-2006-2192 – CVE-2022-0001: Cisco Webex Meeting Server Integer Overflow Vulnerability

October CMS: A Modern CMS for Developers and Creators

CVE-2024-54172 – IBM Sterling B2B Integrator and IBM Sterling File Gateway Cross-Site Request Forgery

CVE-2025-5540 – WordPress Event RSVP and Simple Event Management Plugin Stored Cross-Site Scripting Vulnerability

Related Posts