160 matches found
CVE-2026-13441
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
EUVD-2026-42559
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-13441
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...
CVE-2026-56053
CVE-2026-56053 concerns the WordPress plugin EventPrime (versions
CVE-2026-42687
The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...
CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability
Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...
CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...
CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...
CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...
CVE-2026-42669
CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...
WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability
Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...
WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability
Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...
Exploit for CVE-2026-1657
CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventP...
CVE-2026-24378
CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime
CVE-2026-25312
WordPress EventPrime plugin
CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability
Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.2.8.3...
WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability
Payment Bypass vulnerability discovered by Zeeshan Haider in WordPress Plugin EventPrime versions = 4.2.8.3...
CVE-2026-25389
CVE-2026-25389 affects WordPress EventPrime (EventPrime: Metagauss) and is a Sensitive Data Exposure vulnerability. The issue allows retrieval of embedded sensitive data by an unauthenticated actor and affects EventPrime versions from n/a up to and including 4.2.8.3; the entry indicates it is pat...
CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...