157 matches found
WordPress plugin EventPrime 输入验证错误漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...
WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability
Open Redirection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.4.5...
CVE-2024-8369
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...
WordPress EventPrime plugin <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability
Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability discovered by Miguel Santareno in WordPress Plugin EventPrime versions = 4.0.4.3...
WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.3.2...
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4...
WordPress EventPrime Plugin <= 3.3.4 is vulnerable to Broken Access Control
Software EventPrime Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31275 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 798327419eed Credits Joshua Chan Required privilege...
WordPress EventPrime Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29776 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 775222193de6 Credits Mochamad Sofyan Required privilege...
CVE-2024-24832 WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9...
WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control
Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...
CVE-2024-1321
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...
CVE-2024-1126
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, wi...
CVE-2024-1127
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bookingexportall function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
CVE-2024-1126 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...
WordPress Plugin EventPrime Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
WordPress Plugin EventPrime Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
PT-2024-17941 · WordPress · Eventprime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.2 Description: The issue allows unauthenticated users to update the status of order payments, making it possible for attackers to...
WordPress EventPrime Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)
Software EventPrime Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1320 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0caa29a440c8 Credits Lucio Sá Required...
WordPress Plugin EventPrime Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...
CVE-2024-1320
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...