CVSS: 5.3EPSS: %CPEs: 1EXPL: 0CVE-2024-43223 – EventPrime <= 4.0.3.2 - Missing Authorization via calendar_event_create()
https://notcve.org/view.php?id=CVE-2024-43223
The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the calendar_event_create() function in versions up to, and including, 4.0.3.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to create calendar events. • CWE-862: Missing Authorization •
CVSS: 5.9EPSS: 0%CPEs: 1EXPL: 0CVE-2024-29776 – WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability
https://notcve.org/view.php?id=CVE-2024-29776
Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. Vulnerabilidad de cross-site scripting (XSS) en Metagauss EventPrime. Este problema afecta a EventPrime: desde n/a hasta 3.3.9. The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 3.3.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. • https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-cross-site-scripting-xss-vulnerability?_s_id=cve • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 8.2EPSS: 0%CPEs: 1EXPL: 0CVE-2024-24832 – WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability
https://notcve.org/view.php?id=CVE-2024-24832
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9. Vulnerabilidad de autorización faltante en Metagauss EventPrime. Este problema afecta a EventPrime: desde n/a hasta 3.3.9. The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to improper input validation in the 'save_event_booking' function in versions up to, and including, 3.3.9. This makes it possible for unauthenticated attackers to modify the price and other attributes of purchased tickets. • https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-3-3-9-broken-access-control-vulnerability?_s_id=cve • CWE-20: Improper Input Validation CWE-862: Missing Authorization •
CVSS: 5.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-33321 – WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure
https://notcve.org/view.php?id=CVE-2023-33321
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6. La vulnerabilidad de autorización faltante en Metagauss EventPrime permite explotar niveles de seguridad de control de acceso configurados incorrectamente. Este problema afecta a EventPrime: desde n/a hasta 2.8.6. The EventPrime plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 2.8.6. This could allow unauthenticated attackers to extract sensitive user or configuration data. • https://patchstack.com/database/vulnerability/eventprime-event-calendar-management/wordpress-eventprime-plugin-2-8-6-sensitive-data-exposure?_s_id=cve • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-862: Missing Authorization •