Eventprime
by WordPress
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-31275 | Hig | 0.53 | 8.2 | 0.00 | Jun 9, 2024 | Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4. | ||
| CVE-2024-24832 | Hig | 0.53 | 8.2 | 0.00 | Mar 23, 2024 | Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2026-42669 | Hig | 0.49 | 7.5 | 0.00 | Jun 2, 2026 | Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0. | ||
| CVE-2024-12024 | Hig | 0.47 | 7.2 | 0.00 | Dec 17, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input… | ||
| CVE-2026-42686 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions. | ||
| CVE-2026-39518 | Hig | 0.46 | 7.1 | 0.00 | Jun 15, 2026 | Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions. | ||
| CVE-2023-45637 | Hig | 0.46 | 7.1 | 0.00 | Oct 25, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions. | ||
| CVE-2023-35884 | Hig | 0.46 | 7.1 | 0.00 | Jun 20, 2023 | Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions. | ||
| CVE-2023-33326 | Hig | 0.46 | 7.1 | 0.00 | May 28, 2023 | Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions. | ||
| CVE-2024-4665 | Med | 0.42 | 6.4 | 0.00 | May 15, 2025 | The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce. | ||
| CVE-2024-1320 | Med | 0.42 | 6.5 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it… | ||
| CVE-2024-1123 | Med | 0.42 | 6.5 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible… | ||
| CVE-2023-5238 | Med | 0.40 | 6.1 | 0.00 | Oct 31, 2023 | The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | ||
| CVE-2023-4250 | Med | 0.40 | 6.1 | 0.00 | Oct 31, 2023 | The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | ||
| CVE-2024-29776 | Med | 0.38 | 5.9 | 0.00 | Mar 27, 2024 | Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. | ||
| CVE-2024-1125 | Med | 0.35 | 5.4 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for… | ||
| CVE-2026-1657 | Med | 0.34 | 5.3 | 0.00 | Feb 17, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any… | ||
| CVE-2024-8369 | Med | 0.34 | 5.3 | 0.00 | Sep 10, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for… | ||
| CVE-2023-33321 | Med | 0.34 | 5.3 | 0.01 | May 17, 2024 | Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6. | ||
| CVE-2024-1321 | Med | 0.34 | 5.3 | 0.00 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for… |
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
- risk 0.53cvss 8.2epss 0.00
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.49cvss 7.5epss 0.00
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.
- risk 0.47cvss 7.2epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.7.3 due to insufficient input…
- risk 0.46cvss 7.1epss 0.00
Subscriber Cross Site Scripting (XSS) in EventPrime <= 4.3.2.1 versions.
- risk 0.46cvss 7.1epss 0.00
Subscriber Insecure Direct Object References (IDOR) in EventPrime <= 4.3.0.0 versions.
- risk 0.46cvss 7.1epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
- risk 0.46cvss 7.1epss 0.00
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
- risk 0.46cvss 7.1epss 0.00
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
- risk 0.42cvss 6.4epss 0.00
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
- risk 0.42cvss 6.5epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it…
- risk 0.42cvss 6.5epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible…
- risk 0.40cvss 6.1epss 0.00
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
- risk 0.40cvss 6.1epss 0.00
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
- risk 0.38cvss 5.9epss 0.00
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
- risk 0.35cvss 5.4epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for…
- risk 0.34cvss 5.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without implementing any…
- risk 0.34cvss 5.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for…
- risk 0.34cvss 5.3epss 0.01
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.
- risk 0.34cvss 5.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for…
Page 1 of 2