Unrated severityNVD Advisory· Published May 15, 2025· Updated Nov 13, 2025

EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update

CVE-2024-4665

Description

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

Affected products

WordPress/EventPrimedescription
Theeventprime/Eventprimellm-fuzzy
Range: <3.5.0
WordPress/Eventprimewp-canonicalize

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/mitreexploitvdb-entrytechnical-description

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000