Skip to main content

Eventprime Events Calendar Bookings And Tickets

1 CVEs product

Monthly

CVE-2026-13441 HIGH This Week

Stored cross-site scripting in the EventPrime events plugin for WordPress (versions through 4.3.4.2, by Metagauss) lets low-privileged or, in one configuration, unauthenticated actors persist arbitrary JavaScript through the 'new_event_type_background_color' field of the event-type creation flow. The injected script runs in the browser of any user who later views the affected page, enabling session/context theft in the WordPress front end and admin context. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; the finding was reported by Wordfence.

WordPress XSS Eventprime Events Calendar Bookings And Tickets
NVD
CVSS 3.1
7.2
EPSS
0.2%
EPSS 0% CVSS 7.2
HIGH This Week

Stored cross-site scripting in the EventPrime events plugin for WordPress (versions through 4.3.4.2, by Metagauss) lets low-privileged or, in one configuration, unauthenticated actors persist arbitrary JavaScript through the 'new_event_type_background_color' field of the event-type creation flow. The injected script runs in the browser of any user who later views the affected page, enabling session/context theft in the WordPress front end and admin context. No public exploit has been identified at time of analysis and it is not listed in CISA KEV; the finding was reported by Wordfence.

WordPress XSS Eventprime Events Calendar Bookings And Tickets
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy