CVE-2026-42669

CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...

WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

PHP Object Injection vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

CVE-2025-63007

CVE-2025-63007 is a WordPress EventPrime plugin vulnerability (versions

CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through = 4.2.4.1...

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9864 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 1a0ade328fdb Credits zer0gh0st Required...

WordPress EventPrime Plugin <= 4.0.4.7 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 4.0.4.7 Fixed in 4.0.4.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-9865 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID b2193c9ee308 Credits zer0gh0st Required...

CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability

Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4...

WordPress EventPrime Plugin <= 3.3.4 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.3.4 Fixed in 3.3.5 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-31275 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 798327419eed Credits Joshua Chan Required privilege...

WordPress EventPrime Plugin <= 3.3.9 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.4.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29776 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 775222193de6 Credits Mochamad Sofyan Required privilege...

WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...

WordPress EventPrime Plugin <= 3.4.3 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-1320 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0caa29a440c8 Credits Lucio Sá Required...

WordPress EventPrime Plugin <= 3.4.2 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.2 Fixed in 3.4.3 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1123 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID c2164132e177 Credits Lucio Sá Required privilege...

WordPress EventPrime Plugin <= 3.3.9 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.3.9 Fixed in 3.4.0 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-24832 Patch priority Low CVSS severity Low 8.2 Developer Claim ownership PSID 611d9617bb60 Credits Abdi Pranata Required privilege...

WordPress EventPrime Plugin <= 3.3.2 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.3.2 Fixed in 3.3.3 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 97044dcaad27 Credits Unknown Required privilege Contributor...

WordPress EventPrime Plugin < 3.2.0 is vulnerable to Cross Site Request Forgery (CSRF)

Software EventPrime Type Plugin Vulnerable versions 3.2.0 Fixed in 3.2.0 OWASP Top 10 A5: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-4251 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 3fee28172b5f Credits Alex Sanford Required...

WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.1.5 Fixed in 3.1.6 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-45637 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID 7c19ecb3f3a7 Credits Phd Required privilege Unauthenticated...

WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS)

Software EventPrime Type Plugin Vulnerable versions = 3.0.5 Fixed in 3.0.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-35884 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID 0d78f3844de4 Credits Le Ngoc Anh Required...

WordPress EventPrime Plugin <= 2.8.6 is vulnerable to Sensitive Data Exposure

Software EventPrime Type Plugin Vulnerable versions = 2.8.6 Fixed in 3.0.0 OWASP Top 10 A5: Broken Access Control Classification Sensitive Data Exposure CVE CVE-2023-33321 Patch priority Low CVSS severity Low 5.3 Developer Claim ownership PSID 71ae7af08f1a Credits yuyudhn Required privilege...