CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

CVE-2026-42669

CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...

CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

Exploit for CVE-2026-1657

CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventP...

CVE-2026-24378

CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime

CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.2.8.3...

CVE-2026-25312

WordPress EventPrime plugin

WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Payment Bypass vulnerability discovered by Zeeshan Haider in WordPress Plugin EventPrime versions = 4.2.8.3...

CVE-2026-25389

CVE-2026-25389 affects WordPress EventPrime (EventPrime: Metagauss) and is a Sensitive Data Exposure vulnerability. The issue allows retrieval of embedded sensitive data by an unauthenticated actor and affects EventPrime versions from n/a up to and including 4.2.8.3; the entry indicates it is pat...

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1657 EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the uploadfilemedia AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, or...

CVE-2026-1657

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the uploadfilemedia AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, or...

CVE-2026-1657

The EventPrime WordPress plugin (versions up to 4.2.8.4) is vulnerable to unauthenticated image/file upload via the ep_upload_file_media AJAX endpoint. The root cause is that the endpoint is registered as nopriv (public) without authentication, authorization, or nonce verification, allowing unaut...

PT-2026-8398

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...

WordPress plugin EventPrime 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint vulnerability

Missing Authorization to Unauthenticated Image Upload via 'epuploadfilemedia' AJAX Endpoint vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin EventPrime versions = 4.2.8.4...

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.3...

WordPress EventPrime plugin <= 3.4.2 - Unauthenticated Booking Payment Bypass vulnerability

Unauthenticated Booking Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.2...