Event Espresso – Event Registration & Ticketing Sales

Vulnerabilities 9Slug event-espresso-decafLatest version 5.0.58.decafWordPress.org →

Minimum safe version

5.0.53.decaf

Update to 5.0.53.decaf or later to address 7 fixable vulnerabilities

Latest available5.0.58.decaf ✓⚠ 2 vulnerabilities have no fix

Medium 6.5

2026-01-22< 5.0.53.decaf

CVE-2025-68007

Medium 4.3

2025-12-30< 5.0.31.decaf

WordPress Event Espresso 4 Decaf Plugin <= 5.0.28.decaf is vulnerable to Cross Site Request Forgery (CSRF)

Medium 4.3

2024-08-21< 5.0.22.decaf

CVE-2024-6883

Medium 4.3

2023-07-01< 4.10.12

CVE-2021-4404

N/A Unfixed

2023-06-07≤ 4.10.11

CVE-2021-4342

Low 3.7

2024-06-03< 4.10.45.decaf

CVE-2023-27437

N/A

< 4.10.14

Multiple Plugins - CSRF Bypass

N/A Unfixed

≤ 4.10.11

Various Affected Software (Various Versions) - Cross-Site Request Forgery Bypass

N/A

2021-08-16< 4.10.12.decaf

WordPress Event Espresso 4 Decaf plugin <= 4.10.12.decaf - Cross-Site Request Forgery (CSRF) vulnerability