VYPR

Eventprime

by WordPress

CVEs (34)

  • CVE-2024-31275HigJun 9, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.

  • CVE-2024-24832HigMar 23, 2024
    risk 0.53cvss 8.2epss 0.00

    Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

  • CVE-2026-42669HigJun 2, 2026
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.

  • CVE-2024-12024HigDec 17, 2024
    risk 0.47cvss 7.2epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input…

  • CVE-2026-42686HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.

  • CVE-2026-39518HigJun 15, 2026
    risk 0.46cvss 7.1epss 0.00

    Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.

  • CVE-2023-45637HigOct 25, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.

  • CVE-2023-35884HigJun 20, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.

  • CVE-2023-33326HigMay 28, 2023
    risk 0.46cvss 7.1epss 0.00

    Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.

  • CVE-2024-4665MedMay 15, 2025
    risk 0.42cvss 6.4epss 0.00

    The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

  • CVE-2024-1320MedMar 9, 2024
    risk 0.42cvss 6.5epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it…

  • CVE-2024-1123MedMar 9, 2024
    risk 0.42cvss 6.5epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible…

  • CVE-2023-5238MedOct 31, 2023
    risk 0.40cvss 6.1epss 0.00

    The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.

  • CVE-2023-4250MedOct 31, 2023
    risk 0.40cvss 6.1epss 0.00

    The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.

  • CVE-2024-29776MedMar 27, 2024
    risk 0.38cvss 5.9epss 0.00

    Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.

  • CVE-2024-1125MedMar 9, 2024
    risk 0.35cvss 5.4epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for…

  • CVE-2026-1657MedFeb 17, 2026
    risk 0.34cvss 5.3epss 0.00

    The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any…

  • CVE-2024-8369MedSep 10, 2024
    risk 0.34cvss 5.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for…

  • CVE-2023-33321MedMay 17, 2024
    risk 0.34cvss 5.3epss 0.01

    Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.

  • CVE-2024-1321MedMar 13, 2024
    risk 0.34cvss 5.3epss 0.00

    The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for…

Page 1 of 2