Lucene search
K

442 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42559

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
Cvelist
Cvelist
added 5 days ago31 views

CVE-2026-13441 EventPrime <= 4.3.4.2 - Unauthenticated Stored Cross-Site Scripting via 'new_event_type_background_color' Parameter

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
CVE
CVE
added 5 days ago12 views

CVE-2026-13441

EventPrime – Events Calendar, Bookings and Tickets for WordPress is affected by a stored cross-site scripting (Stored XSS) in the new_event_type_background_color parameter, present in all versions up to and including 4.3.4.2. The vulnerability arises from insufficient input sanitization and outpu...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References9
NVD
NVD
added 2026/06/25 2:16 p.m.6 views

CVE-2026-56053

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/25 1:12 p.m.6 views

EUVD-2026-39382

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/25 1:12 p.m.33 views

CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS0.00391EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/25 1:12 p.m.4 views

CVE-2026-56053

Subscriber PHP Object Injection in EventPrime = 4.3.4.1 versions...

8.8CVSS5.8AI score0.00391EPSS
Exploits0References2
CVE
CVE
added 2026/06/25 1:12 p.m.18 views

CVE-2026-56053

CVE-2026-56053 concerns the WordPress plugin EventPrime (versions

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/25 12:0 a.m.7 views

PT-2026-52434

Name of the Vulnerable Software and Affected Versions EventPrime versions prior to 4.3.4.2 Description PHP Object Injection occurs when an application deserializes untrusted data, allowing an attacker to manipulate the object structure and potentially execute arbitrary code or perform unauthorize...

8.8CVSS6.1AI score0.00391EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/15 9:30 p.m.11 views

EUVD-2026-36955

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS5.2AI score0.00278EPSS
Exploits0References2
NVD
NVD
added 2026/06/15 9:16 p.m.10 views

CVE-2026-42686

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

7.1CVSS0.00354EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-42687

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS0.00317EPSS
Exploits0References1
NVD
NVD
added 2026/06/15 9:16 p.m.8 views

CVE-2026-39518

Subscriber Insecure Direct Object References IDOR in EventPrime = 4.3.0.0 versions...

7.1CVSS0.00278EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.18 views

CVE-2026-42687

The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...

8.1CVSS5.3AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS5.3AI score0.00317EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.16 views

CVE-2026-42686

WordPress EventPrime plugin

7.1CVSS5.1AI score0.00354EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/15 8:18 p.m.10 views

EUVD-2026-36834

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

7.1CVSS5.1AI score0.00354EPSS
Exploits0References1
Rows per page
Query Builder