Eventprime
by WordPress
CVEs (34)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2023-6447 | Med | 0.34 | 5.3 | 0.01 | Jan 22, 2024 | The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | ||
| CVE-2023-4252 | Med | 0.34 | 5.3 | 0.01 | Nov 27, 2023 | The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | ||
| CVE-2024-9865 | Med | 0.33 | 6.1 | 0.00 | Oct 24, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.… | ||
| CVE-2024-9864 | Med | 0.33 | 6.1 | 0.00 | Oct 24, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for… | ||
| CVE-2024-47648 | Med | 0.31 | 4.7 | 0.00 | Oct 10, 2024 | URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5. | ||
| CVE-2026-1655 | Med | 0.28 | 4.3 | 0.00 | Feb 18, 2026 | The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and… | ||
| CVE-2024-13526 | Med | 0.28 | 4.3 | 0.00 | Mar 7, 2025 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for… | ||
| CVE-2024-43223 | Med | 0.28 | 4.3 | 0.00 | Nov 1, 2024 | Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2. | ||
| CVE-2024-1127 | Med | 0.28 | 4.3 | 0.01 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated… | ||
| CVE-2024-1126 | Med | 0.28 | 4.3 | 0.00 | Mar 13, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.2. This makes it possible for… | ||
| CVE-2024-1124 | Med | 0.28 | 4.3 | 0.00 | Mar 9, 2024 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for… | ||
| CVE-2023-5519 | Med | 0.28 | 4.3 | 0.00 | Oct 31, 2023 | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | ||
| CVE-2023-4251 | Med | 0.28 | 4.3 | 0.00 | Oct 31, 2023 | The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | ||
| CVE-2025-12498 | Med | 0.21 | 4.3 | 0.00 | Nov 8, 2025 | The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for… |
- risk 0.34cvss 5.3epss 0.01
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
- risk 0.34cvss 5.3epss 0.01
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
- risk 0.33cvss 6.1epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.…
- risk 0.33cvss 6.1epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping. This makes it possible for…
- risk 0.31cvss 4.7epss 0.00
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Metagauss EventPrime eventprime-event-calendar-management.This issue affects EventPrime: from n/a through <= 4.0.4.5.
- risk 0.28cvss 4.3epss 0.00
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and…
- risk 0.28cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function in all versions up to, and including, 4.0.7.3. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.0.3.2.
- risk 0.28cvss 4.3epss 0.01
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated…
- risk 0.28cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.2. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for…
- risk 0.28cvss 4.3epss 0.00
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
- risk 0.28cvss 4.3epss 0.00
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
- risk 0.21cvss 4.3epss 0.00
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This makes it possible for…
Page 2 of 2