Eventprime
by WordPress
CVEs (9)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-24832 | Hig | 0.53 | 8.2 | 0.00 | Mar 23, 2024 | Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2024-12024 | Hig | 0.47 | 7.2 | 0.01 | Dec 17, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input… | ||
| CVE-2024-29776 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2024 | Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2026-1657 | Med | 0.34 | 5.3 | 0.00 | Feb 17, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any… | ||
| CVE-2026-1655 | Med | 0.28 | 4.3 | 0.00 | Feb 18, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and… | ||
| CVE-2024-4665 | 0.00 | — | 0.00 | May 15, 2025 | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce. | |||
| CVE-2024-9864 | 0.00 | — | 0.02 | Oct 24, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for… | |||
| CVE-2024-9865 | 0.00 | — | 0.02 | Oct 24, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.… | |||
| CVE-2024-8369 | 0.00 | — | 0.01 | Sep 10, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for… |
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.47cvss 7.2epss 0.01
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input…
- risk 0.38cvss 5.9epss 0.00
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.34cvss 5.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any…
- risk 0.28cvss 4.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and…
- CVE-2024-4665May 15, 2025risk 0.00cvss —epss 0.00
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
- CVE-2024-9864Oct 24, 2024risk 0.00cvss —epss 0.02
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for…
- CVE-2024-9865Oct 24, 2024risk 0.00cvss —epss 0.02
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.…
- CVE-2024-8369Sep 10, 2024risk 0.00cvss —epss 0.01
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for…