GCVE - cpe:2.3:a:emarket-design:event_rsvp_and_simple_event_management

Approved changes feed: RSS · Atom

cpe:2.3:a:emarket-design:event_rsvp_and_simple_event_management_plugin:*:*:*:*:*:*:*:*

part: a version: * update: *

Vendor	Emarket Design (`8fb61feb-3a38-520b-9ec4-c08f2531594e`)
Product	Event Rsvp And Simple Event Management Plugin (`634d3f1d-7b2c-5147-a6ed-681f688a6246`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-8420`	vulnerable	2026-06-03 15:13:43.575194	Multiple Plugins by emarket-design <= Multiple Versions - Unauthenticated Limited Remote Code Execution HIGH (8.1) Multiple plugins for WordPress by emarket-design with the 'emd-form-builder-lite' package are vulnerable to Remote Code Execution in various versions via the emd_form_builder_lite_pagenum function. This is due to the plugin not properly validating user input before using it as a function name. This makes it possible for unauthenticated attackers to execute code on the server, however, parameters can not be passed to the functions called Published: 2025-08-06T02:24:12.120Z Updated: 2026-04-08T16:56:28.904Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/601aa2b5-aeac-49bc-960d-4b4ff83e9229?source=cve https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3338854%40request-a-quote&new=3338854%40request-a-quote&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3340992%40software-issue-manager&new=3340992%40software-issue-manager&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3341064%40wp-ticket&new=3341064%40wp-ticket&sfp_email=&sfph_mail= https://plugins.trac.wordpress.org/changeset/3346435/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-5540`	vulnerable	2026-06-03 15:07:54.008932	Event RSVP and Simple Event Management Plugin <= 4.1.0 - Authenticated (Contributor+) Stored Cross-Site Scripting MEDIUM (6.4) The Event RSVP and Simple Event Management Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'emd_mb_meta' shortcode in all versions up to, and including, 4.1.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. Published: 2025-06-26T02:06:35.891Z Updated: 2026-04-08T17:32:16.547Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f09ffc02-bfed-4aa3-a3d3-58e188b3e147?source=cve https://wordpress.org/plugins/wp-easy-events/ https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3324339%40wp-easy-events&new=3324339%40wp-easy-events&sfp_email=&sfph_mail=	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Event Rsvp And Simple Event Management Plugin

PURL mappings

Vulnerability references

Contribute