Eventprime

2 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest
CVE-2024-4665 MEDIUM POC This Month

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Eventprime
NVD WPScan
CVSS 3.1
6.4
EPSS
0.2%
CVE-2024-13526 MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventprime
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2024-4665
EPSS 0% CVSS 6.4
MEDIUM POC This Month

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Rated medium severity (CVSS 6.4), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

WordPress Information Disclosure Eventprime
NVD WPScan
CVE-2024-13526
EPSS 0% CVSS 4.3
MEDIUM This Month

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability checks on the export_submittion_attendees function. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

WordPress Authentication Bypass Eventprime
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy