CVSS: 6.1 | EPSS: 0% | CPEs: 1 | EXPL: 0

URL Redirection to Untrusted Site ('Open Redirect') vulnerability in EventPrime Events EventPrime. This issue affects EventPrime: from n/a through 4.0.4.5. The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.4.5. This is due to insufficient validation of a supplied redirect URL. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.
• https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-4-0-4-5-open-redirection-vulnerability?_s_id=cve
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.0.3.2. The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the calendar_event_create() function in versions up to, and including, 4.0.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create calendar events.
• https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-4-0-3-2-broken-access-control-vulnerability?_s_id=cve
• CWE-862: Missing Authorization

CVSS: 5.9 | EPSS: 0% | CPEs: 1 | EXPL: 0

Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
• https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve
• CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

CVSS: 8.2 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in Metagauss EventPrime. This issue affects EventPrime: from n/a through 3.3.9. The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to improper input validation in the 'save_event_booking' function in versions up to, and including, 3.3.9. This makes it possible for unauthenticated attackers to modify the price and other attributes of purchased tickets.
• https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve
• CWE-20: Improper Input Validation
• CWE-862: Missing Authorization

CVSS: 5.3 | EPSS: 0% | CPEs: 1 | EXPL: 0

Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 2.8.6. The EventPrime plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.6. This could allow unauthenticated attackers to extract sensitive user or configuration data.
• https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-sensitive-data-exposure?_s_id=cve
• CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
• CWE-862: Missing Authorization