157 matches found
WordPress plugin EventPrime 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
PT-2026-8398
The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload file media AJAX action as publicly accessible nopriv-enabled without implementing any authentication, authorization, ...
WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint vulnerability
Missing Authorization to Unauthenticated Image Upload via 'epuploadfilemedia' AJAX Endpoint vulnerability discovered by Tharadol Suksamran d3kc4rt1 in WordPress Plugin EventPrime versions = 4.2.8.4...
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin = 3.4.3 - Missing Authorization to Authenticated Subscriber+ Arbitrary Post Deletion vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.3...
WordPress EventPrime plugin <= 3.4.2 - Unauthenticated Booking Payment Bypass vulnerability
Unauthenticated Booking Payment Bypass vulnerability discovered by Lucio Sá in WordPress Plugin EventPrime versions = 3.4.2...
WordPress EventPrime plugin <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API vulnerability
Unauthenticated Sensitive Information Exposure via REST API vulnerability discovered by Deadbee - NA in WordPress Plugin EventPrime versions = 4.2.7.0...
WordPress plugin EventPrime has a security vulnerability
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...
CVE-2025-14507
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
CVE-2025-14507
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
PT-2026-2445
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extract sensitive booking data including user names,...
WordPress plugin EventPrime 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. An information...
CVE-2023-4251
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks...
CVE-2023-4250
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin...
CVE-2025-63006
CVE-2025-63006 is a Missing Authorization vulnerability in Metagauss EventPrime (WordPress plugin: EventPrime – Events Calendar, Bookings and Tickets) affecting versions from n/a up to 4.2.4.1. The CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N) yields a base score of 4.3 (Medium). Multiple...
CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...
CVE-2025-63007 WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability
Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through = 4.2.4.1...
CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability
Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...
CVE-2025-63007
CVE-2025-63007 is a WordPress EventPrime plugin vulnerability (versions