442 matches found
CVE-2026-13441
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
EUVD-2026-42559
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-13441 EventPrime <= 4.3.4.2 - Unauthenticated Stored Cross-Site Scripting via 'new_event_type_background_color' Parameter
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-13441
EventPrime – Events Calendar, Bookings and Tickets for WordPress is affected by a stored cross-site scripting (Stored XSS) in the new_event_type_background_color parameter, present in all versions up to and including 4.3.4.2. The vulnerability arises from insufficient input sanitization and outpu...
CVE-2026-13441
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-56053
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
EUVD-2026-39382
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
CVE-2026-56053
Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...
CVE-2026-56053
CVE-2026-56053 concerns the WordPress plugin EventPrime (versions
PT-2026-52434
Name of the Vulnerable Software and Affected Versions EventPrime versions prior to 4.3.4.2 Description PHP Object Injection occurs when an application deserializes untrusted data, allowing an attacker to manipulate the object structure and potentially execute arbitrary code or perform unauthorize...
EUVD-2026-36955
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
CVE-2026-42686
Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...
CVE-2026-42687
Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...
CVE-2026-39518
Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...
CVE-2026-42687
The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...
CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...
CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...
CVE-2026-42686
WordPress EventPrime plugin
EUVD-2026-36834
Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...