VYPR

Eventprime

by Metagauss

CVEs (28)

  • CVE-2026-24378CriMar 25, 2026
    risk 0.64cvss 9.8epss 0.01

    Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.

  • CVE-2024-24832HigMar 23, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

  • CVE-2025-69358HigMar 25, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0.

  • CVE-2026-25312HigMar 19, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3.

  • CVE-2024-12024HigDec 17, 2024
    risk 0.47cvss 7.2epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input…

  • CVE-2024-1320MedMar 9, 2024
    risk 0.42cvss 6.5epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1123MedMar 9, 2024
    risk 0.42cvss 6.5epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible…

  • CVE-2024-29776MedMar 27, 2024
    risk 0.38cvss 5.9epss 0.00

    Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

  • CVE-2024-1125MedMar 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for…

  • CVE-2026-25389MedFeb 19, 2026
    risk 0.34cvss 5.3epss 0.00

    Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.

  • CVE-2026-1657MedFeb 17, 2026
    risk 0.34cvss 5.3epss 0.00

    The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any…

  • CVE-2026-24380MedJan 22, 2026
    risk 0.34cvss 5.3epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.

  • CVE-2024-1321MedMar 13, 2024
    risk 0.34cvss 5.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for…

  • CVE-2024-47648MedOct 10, 2024
    risk 0.31cvss 4.7epss 0.00

    URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5.

  • CVE-2026-1655MedFeb 18, 2026
    risk 0.28cvss 4.3epss 0.00

    The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and…

  • CVE-2025-63007MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.

  • CVE-2025-63006MedDec 9, 2025
    risk 0.28cvss 4.3epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.

  • CVE-2024-1127MedMar 13, 2024
    risk 0.28cvss 4.3epss 0.01

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated…

  • CVE-2024-1126MedMar 13, 2024
    risk 0.28cvss 4.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.2. This makes it possible for…

  • CVE-2024-1124MedMar 9, 2024
    risk 0.28cvss 4.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for…

Page 1 of 2