CVE-2026-1655

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1655

CVE-2026-1655 — EventPrime for WordPress : Unauthorized post modification due to missing authorization checks in save_frontend_event_submission, which uses a user-controlled event_id to update posts. Affected versions are up to 4.2.8.4; patch exists in 4.2.8.4+. The issue allows authenticated (Cu...

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

WordPress EventPrime plugin <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability

Missing Authorization to Authenticated Subscriber+ Arbitrary Event Modification via 'eventid' Parameter vulnerability discovered by Supoj Polsawas sp0x5ec in WordPress Plugin EventPrime versions = 4.2.8.4...

EUVD-2021-13717

Malware in sbrugna...

EUVD-2005-1020

Malware in sbrugna...

EUVD-2006-1907

Malware in sbrugna...

EUVD-2006-1426

Malware in sbrugna...

EUVD-2009-1940

Malware in sbrugna...

EUVD-2005-4392

Malware in sbrugna...

EUVD-2009-0803

Malware in sbrugna...

EUVD-2005-1484

Malware in sbrugna...

EUVD-2023-34628

Malicious code in bioql PyPI...

CVE-2024-28322

SQL Injection vulnerability in /event-management-master/backend/register.php in PuneethReddyHC Event Management 1.0 allows attackers to run arbitrary SQL commands via the eventid parameter in a crafted POST request...

CVE-2024-33403

A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the eventid parameter...

CVE-2023-30203

Judging Management System v1.0 was discovered to contain a SQL injection vulnerability via the eventid parameter at /php-jms/resultsheet.php...

CVE-2009-0805

Cross-site scripting XSS vulnerability in piCal 0.91h and earlier, a module for XOOPS, allows remote attackers to inject arbitrary web script or HTML via the eventid parameter in index.php...

Campcodes Complete Web-Based School Management System 跨站脚本漏洞

Campcodes Complete Web-Based School Management System is a Web-based school management system from Campcodes, Inc. A cross-site scripting vulnerability exists in version 1.0 of the Campcodes Complete Web-Based School Management System, which stems from a cross-site scripting vulnerability in the...

CVE-2024-33403

A SQL injection vulnerability in /model/getevents.php in campcodes Complete Web-Based School Management System 1.0 allows attacker to execute arbitrary SQL commands via the eventid parameter...