Eventprime
by Metagauss
CVEs (28)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-24378 | Cri | 0.64 | 9.8 | 0.01 | Mar 25, 2026 | Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||
| CVE-2024-24832 | Hig | 0.53 | 8.2 | 0.00 | Mar 23, 2024 | Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2025-69358 | Hig | 0.49 | 7.5 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0. | ||
| CVE-2026-25312 | Hig | 0.49 | 7.5 | 0.00 | Mar 19, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||
| CVE-2024-12024 | Hig | 0.47 | 7.2 | 0.00 | Dec 17, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input… | ||
| CVE-2024-1320 | Med | 0.42 | 6.5 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-1123 | Med | 0.42 | 6.5 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible… | ||
| CVE-2024-29776 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2024 | Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2024-1125 | Med | 0.35 | 5.4 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for… | ||
| CVE-2026-25389 | Med | 0.34 | 5.3 | 0.00 | Feb 19, 2026 | Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3. | ||
| CVE-2026-1657 | Med | 0.34 | 5.3 | 0.00 | Feb 17, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any… | ||
| CVE-2026-24380 | Med | 0.34 | 5.3 | 0.00 | Jan 22, 2026 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0. | ||
| CVE-2024-1321 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for… | ||
| CVE-2024-47648 | Med | 0.31 | 4.7 | 0.00 | Oct 10, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5. | ||
| CVE-2026-1655 | Med | 0.28 | 4.3 | 0.00 | Feb 18, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and… | ||
| CVE-2025-63007 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||
| CVE-2025-63006 | Med | 0.28 | 4.3 | 0.00 | Dec 9, 2025 | Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1. | ||
| CVE-2024-1127 | Med | 0.28 | 4.3 | 0.01 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated… | ||
| CVE-2024-1126 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.2. This makes it possible for… | ||
| CVE-2024-1124 | Med | 0.28 | 4.3 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for… |
- risk 0.64cvss 9.8epss 0.01
Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3.
- risk 0.47cvss 7.2epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input…
- risk 0.42cvss 6.5epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.42cvss 6.5epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible…
- risk 0.38cvss 5.9epss 0.00
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.35cvss 5.4epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for…
- risk 0.34cvss 5.3epss 0.00
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.
- risk 0.34cvss 5.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any…
- risk 0.34cvss 5.3epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.
- risk 0.34cvss 5.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for…
- risk 0.31cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5.
- risk 0.28cvss 4.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and…
- risk 0.28cvss 4.3epss 0.00
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.
- risk 0.28cvss 4.3epss 0.01
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated…
- risk 0.28cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.2. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for…
Page 1 of 2