Lucene search
K

157 matches found

CNNVD
CNNVD
added 2026/02/17 12:0 a.m.10 views

WordPress plugin EventPrime 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00379EPSS
Exploits3References6
Positive Technologies
Positive Technologies
added 2026/02/17 12:0 a.m.10 views

PT-2026-8398

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...

5.3CVSS5.5AI score0.00379EPSS
Exploits3References7
Patchstack
Patchstack
added 2026/02/16 10:54 p.m.7 views

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint vulnerability

Missing Authorization to Unauthenticated Image Upload via 'epuploadfilemedia' AJAX Endpoint vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin EventPrime versions = 4.2.8.4...

5.3CVSS5.5AI score0.00379EPSS
Exploits3References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 11:16 a.m.8 views

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability

WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.3...

6.5CVSS5.4AI score0.00324EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/02/03 4:9 a.m.9 views

WordPress EventPrime plugin <= 3.4.2 - Unauthenticated Booking Payment Bypass vulnerability

Unauthenticated Booking Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.2...

5.3CVSS6.8AI score0.00258EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2026/01/30 7:31 a.m.7 views

WordPress EventPrime plugin <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API vulnerability

Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Deadbee - NA in WordPress Plugin EventPrime versions = 4.2.7.0...

5.3CVSS5.9AI score0.00378EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/01/22 12:0 a.m.6 views

WordPress plugin EventPrime has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00185EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/01/14 2:15 p.m.4 views

CVE-2025-14507

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS6.1AI score0.00378EPSS
Exploits0References1
NVD
NVD
added 2026/01/13 2:16 p.m.5 views

CVE-2025-14507

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS0.00378EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/01/13 1:49 p.m.3 views

CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS5.7AI score0.00378EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/01/13 1:49 p.m.17 views

CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS0.00378EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/01/13 12:0 a.m.13 views

PT-2026-2445

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...

5.3CVSS6.1AI score0.00378EPSS
Exploits0References8
CNNVD
CNNVD
added 2026/01/13 12:0 a.m.5 views

WordPress plugin EventPrime 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...

5.3CVSS5.8AI score0.00378EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/01/09 12:32 p.m.10 views

CVE-2023-4251

The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks...

4.3CVSS6.7AI score0.00231EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2026/01/09 12:31 p.m.8 views

CVE-2023-4250

The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...

6.1CVSS6AI score0.0042EPSS
Exploits2References1
CVE
CVE
added 2025/12/09 2:52 p.m.10 views

CVE-2025-63006

CVE-2025-63006 is a Missing Authorization vulnerability in Metagauss EventPrime (WordPress plugin: EventPrime – Events Calendar, Bookings and Tickets) affecting versions from n/a up to 4.2.4.1. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) yields a base score of 4.3 (Medium). Multiple...

4.3CVSS6.6AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.2 views

CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...

4.3CVSS6.6AI score0.0018EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/12/09 2:52 p.m.1 views

CVE-2025-63007 WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability

Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.4.1...

4.3CVSS6.5AI score0.00215EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/09 2:52 p.m.21 views

CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...

4.3CVSS0.0018EPSS
Exploits0References1
CVE
CVE
added 2025/12/09 2:52 p.m.6 views

CVE-2025-63007

CVE-2025-63007 is a WordPress EventPrime plugin vulnerability (versions

4.3CVSS6.5AI score0.00215EPSS
Exploits0References1
Rows per page
Query Builder