Unknown Eventprime vulnerabilities

7 known vulnerabilities affecting unknown/eventprime.

Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: MEDIUM 7

Vulnerabilities

CVE-2024-4665 | MEDIUM | CVSS 6.4 | ≥ 3.4.9, < 3.5.0 | 2025-05-15
CVE-2024-4665 [MEDIUM] CWE-639: The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
Sources: cvelistv5, nvd
CVE-2023-6447 | MEDIUM | CVSS 5.3 | fixed in 3.3.6 | 2024-01-22
CVE-2023-6447 [MEDIUM] CWE-284: The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Sources: cvelistv5, nvd
CVE-2023-4252 | MEDIUM | CVSS 5.3 | ≤ 3.2.9 | 2023-11-27
CVE-2023-4252 [MEDIUM] CWE-1284: The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
Sources: cvelistv5, nvd
CVE-2023-4250 | MEDIUM | CVSS 6.1 | fixed in 3.2.0 | 2023-10-31
CVE-2023-4250 [MEDIUM] CWE-79: The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Sources: cvelistv5, nvd
CVE-2023-5519 | MEDIUM | CVSS 4.3 | fixed in 3.2.0 | 2023-10-31
CVE-2023-5519 [MEDIUM] CWE-352: The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
Sources: cvelistv5, nvd
CVE-2023-5238 | MEDIUM | CVSS 6.1 | fixed in 3.2.0 | 2023-10-31
CVE-2023-5238 [MEDIUM] CWE-79: The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Sources: cvelistv5, nvd
CVE-2023-4251 | MEDIUM | CVSS 4.3 | fixed in 3.2.0 | 2023-10-31
CVE-2023-4251 [MEDIUM] CWE-352: The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
Sources: cvelistv5, nvd