Lucene search
K

157 matches found

CNNVD
CNNVD
added 2024/10/10 12:0 a.m.2 views

WordPress plugin EventPrime 输入验证错误漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. An input validation...

6.1CVSS6.6AI score0.00251EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/30 12:41 p.m.6 views

WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability

Open Redirection vulnerability discovered by Muhamad Agil Fachrian Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.4.5...

6.1CVSS7AI score0.00251EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/09/10 12:15 p.m.4 views

CVE-2024-8369

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view...

5.3CVSS5.8AI score0.00349EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/09/10 1:24 a.m.4 views

WordPress EventPrime plugin <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability

Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability discovered by Miguel Santareno in WordPress Plugin EventPrime versions = 4.0.4.3...

5.3CVSS7AI score0.00349EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/08/09 12:58 p.m.47 views

WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Trương Hữu Phúc Patchstack Alliance in WordPress Plugin EventPrime versions = 4.0.3.2...

8.8CVSS7AI score0.00393EPSS
Exploits0Affected Software1
Vulnrichment
Vulnrichment
added 2024/06/09 6:16 p.m.18 views

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4...

8.2CVSS6.9AI score0.00472EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/04/05 12:0 a.m.15 views

WordPress EventPrime Plugin <= 3.3.4 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31275 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 798327419eed Credits Joshua Chan Required privilege...

9.8CVSS6.6AI score0.00472EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2024/03/25 12:0 a.m.13 views

WordPress EventPrime Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29776 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 775222193de6 Credits Mochamad Sofyan Required privilege...

5.9CVSS6.9AI score0.00356EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/23 2:53 p.m.25 views

CVE-2024-24832 WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9...

8.2CVSS8.4AI score0.00439EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.22 views

WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...

5.3CVSS6.5AI score0.00444EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2024-1321

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...

5.3CVSS7.3AI score0.00258EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.3 views

CVE-2024-1126

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, wi...

4.3CVSS7.3AI score0.00444EPSS
Exploits0References2
OSV
OSV
added 2024/03/13 4:15 p.m.5 views

CVE-2024-1127

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the bookingexportall function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

4.3CVSS7.3AI score0.0053EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2024/03/13 3:27 p.m.14 views

CVE-2024-1126 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...

4.3CVSS6.7AI score0.00444EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.3 views

WordPress Plugin EventPrime Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.5AI score0.00444EPSS
Exploits0References3
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.6 views

WordPress Plugin EventPrime Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

4.3CVSS6.6AI score0.0053EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2024/03/13 12:0 a.m.5 views

PT-2024-17941 · WordPress · Eventprime – Events Calendar

Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.2 Description: The issue allows unauthenticated users to update the status of order payments, making it possible for attackers to...

5.3CVSS7.1AI score0.00258EPSS
Exploits0References5
Patchstack
Patchstack
added 2024/03/13 12:0 a.m.14 views

WordPress EventPrime Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1320 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0caa29a440c8 Credits Lucio Sá Required...

6.5CVSS5.6AI score0.00374EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/03/13 12:0 a.m.4 views

WordPress Plugin EventPrime Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers.WordPress plugin is an application plugin. A security vulnerability exists in WordPres...

5.3CVSS6.8AI score0.00258EPSS
Exploits0References3
OSV
OSV
added 2024/03/09 7:15 a.m.4 views

CVE-2024-1320

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offlinestatus' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...

6.1CVSS7.4AI score0.00374EPSS
Exploits0References2
Rows per page
Query Builder