VYPR

Eventprime

by Metagauss

CVEs (28)

  • CVE-2025-14507MedJan 13, 2026
    risk 0.27cvss 5.3epss 0.00

    The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data…

  • CVE-2025-12498MedNov 8, 2025
    risk 0.21cvss 4.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for…

  • CVE-2024-4665May 15, 2025
    risk 0.00cvss epss 0.00

    The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

  • CVE-2024-9864Oct 24, 2024
    risk 0.00cvss epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for…

  • CVE-2024-9865Oct 24, 2024
    risk 0.00cvss epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.…

  • CVE-2024-8369Sep 10, 2024
    risk 0.00cvss epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for…

  • CVE-2024-31275Jun 9, 2024
    risk 0.00cvss epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.

  • CVE-2023-33321May 17, 2024
    risk 0.00cvss epss 0.01

    Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.

Page 2 of 2