CVE-2026-32354
WordPress WpEvently plugin < 5.1.9 - Sensitive Data Exposure vulnerabilityInsertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
We have discovered 992 live websites that are affected by CVE-2026-32354.
Affected Software
| Product |  Mage Eventpress |
| Category | Wordpress Plugins |
| Vulnerable Domains | 992 live websites (100% of Mage Eventpress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 3 versions ( 100% of all versions) |
Details
- Published - Mar 13, 2026
- Updated - Apr 1, 2026
Credits
- Bao - BlueRock | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-32354 United States | 310 websites |
 Germany | 107 websites |
 GB | 91 websites |
 France | 51 websites |
 Netherlands | 49 websites |
 Canada | 40 websites |
 Italy | 40 websites |
 Australia | 29 websites |
 South Africa | 26 websites |
 Belgium | 24 websites |
Website Distribution by TLD
Number of websites using CVE-2026-32354| .com | 369 websites |
| .org | 120 websites |
| .de | 69 websites |
| .co.uk | 53 websites |
| .nl | 48 websites |
| .it | 28 websites |
| .ca | 21 websites |
| .ch | 21 websites |
| .com.au | 21 websites |
| .fr | 20 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-32354
Top websites that are affected by CVE-2026-32354. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ***********.**.gov | United States | ***,*** | |
| *******.de | Germany | ***,*** | |
| ********************.org | United States | ***,*** | |
| ***.****.fr | France | ***,*** | |
| **********************.ca | Canada | ***,*** | |
| ***************.org | Germany | ***,*** | |
| ***********.***.uk | GB | ***,*** | |
| *****.***.au | Australia | ***,*** | |
| ***********.com | France | ***,*** | |
| *********.com | GB | ***,*** |
FAQ
A total of 992 websites have been identified as vulnerable to CVE-2026-32354, based on global website indexing conducted by WebTechSurvey.
The Mage Eventpress is affected by the CVE-2026-32354 vulnerability.
Mage Eventpress versions up to and including 5.1.9 are vulnerable to CVE-2026-32354.