6 matches found
CVE-2023-4252
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment...
Authorization
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name...
PT-2024-14958 · WordPress · Eventprime
Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.3.6
Description: The issue allows unauthenticated visitors to access private and password-protected events by guessing their numeric id or event name due to a lack of authentication and...
PT-2023-28384 · WordPress · Eventprime
Name of the Vulnerable Software and Affected Versions: EventPrime WordPress plugin versions prior to 3.3.0
Description: The issue allows an attacker to purchase bookings without making a payment by manipulating the price specified in the client request.
Recommendations: For versions prior to 3.3....
CVE-2023-5238 EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website...