Lucene search
K

160 matches found

NVD
NVD
added 5 days ago8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS0.00247EPSS
Exploits0References8
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42559

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 5 days ago8 views

CVE-2026-13441

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'neweventtypebackgroundcolor' parameter in all versions up to, and including, 4.3.4.2 due to insufficient input sanitization and output escaping. This makes it possible...

7.2CVSS6.1AI score0.00247EPSS
Exploits0References9
CVE
CVE
added 2026/06/25 1:12 p.m.18 views

CVE-2026-56053

CVE-2026-56053 concerns the WordPress plugin EventPrime (versions

8.8CVSS5.8AI score0.00391EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 8:18 p.m.18 views

CVE-2026-42687

The CVE-2026-42687 entry concerns the WordPress EventPrime plugin (versions ≤ 4.3.2.1). It describes an unauthenticated PHP Object Injection vulnerability in EventPrime, with a CVSS v3.1 base score of 8.1 (HIGH) and a network attack vector, no user interaction, and high impact on confidentiality,...

8.1CVSS5.3AI score0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.27 views

CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability

Unauthenticated PHP Object Injection in EventPrime = 4.3.2.1 versions...

8.1CVSS0.00317EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/15 8:18 p.m.29 views

CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

7.1CVSS0.00354EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/15 8:18 p.m.6 views

CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Subscriber Cross Site Scripting XSS in EventPrime = 4.3.2.1 versions...

7.1CVSS5.1AI score0.00354EPSS
Exploits0References1
CVE
CVE
added 2026/06/02 10:40 a.m.23 views

CVE-2026-42669

CVE-2026-42669 affects WordPress EventPrime plugin up to version 4.3.2.0, with a Missing Authorization/Broken Access Control vulnerability stemming from incorrectly configured access control security levels. CVSS v3.1 base score 7.5 (HIGH), impact to integrity is high while confidentiality/availa...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/02 10:40 a.m.11 views

CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

7.5CVSS5.8AI score0.00202EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/02 10:40 a.m.44 views

CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0...

7.5CVSS0.00202EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/05/24 8:59 a.m.10 views

WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability

Cross Site Scripting XSS vulnerability discovered by hhhai in WordPress Plugin EventPrime versions = 4.3.2.1...

5.8AI score0.00354EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2026/04/20 10:20 a.m.7 views

WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability

Insecure Direct Object References IDOR vulnerability discovered by James Pirstin in WordPress Plugin EventPrime versions = 4.3.0.0...

5.8AI score0.00278EPSS
Exploits0Affected Software1
GithubExploit
GithubExploit
added 2026/04/09 5:53 p.m.122 views

Exploit for CVE-2026-1657

CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventP...

5.3CVSS5.8AI score0.00379EPSS
Exploits3
CVE
CVE
added 2026/03/25 4:14 p.m.10 views

CVE-2026-24378

CVE-2026-24378 describes a Deserialization of Untrusted Data flaw in EventPrime (Events Calendar, Bookings and Tickets) that enables unauthenticated PHP object injection. Affected: EventPrime

9.8CVSS5.8AI score0.0051EPSS
Exploits0References1
CVE
CVE
added 2026/03/19 7:20 a.m.10 views

CVE-2026-25312

WordPress EventPrime plugin

7.5CVSS5.9AI score0.00206EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/03/19 7:20 a.m.2 views

CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 4.2.8.3...

7.5CVSS5.8AI score0.00206EPSS
Exploits0References1
Patchstack
Patchstack
added 2026/03/18 11:3 a.m.5 views

WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

Payment Bypass vulnerability discovered by Zeeshan Haider in WordPress Plugin EventPrime versions = 4.2.8.3...

7.5CVSS5.8AI score0.00206EPSS
Exploits0Affected Software1
CVE
CVE
added 2026/02/19 8:27 a.m.13 views

CVE-2026-25389

CVE-2026-25389 affects WordPress EventPrime (EventPrime: Metagauss) and is a Sensitive Data Exposure vulnerability. The issue allows retrieval of embedded sensitive data by an unauthenticated actor and affects EventPrime versions from n/a up to and including 4.2.8.3; the entry indicates it is pat...

5.3CVSS5.5AI score0.0024EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/02/18 7:25 a.m.6 views

CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the savefrontendeventsubmission function accepting a user-controlled eventid parameter and updating the correspondi...

4.3CVSS5.5AI score0.00281EPSS
Exploits0References6
Rows per page
Query Builder