Metagauss

Eventprime

37 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.8

CVE-2026-24378

  • EPSS 0.05%
  • Veröffentlicht 25.03.2026 16:14:32
  • Zuletzt bearbeitet 30.03.2026 13:27:12

Deserialization of Untrusted Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Object Injection.This issue affects EventPrime: from n/a through <= 4.2.8.0.

7.5

CVE-2025-69358

  • EPSS 0.05%
  • Veröffentlicht 25.03.2026 16:14:22
  • Zuletzt bearbeitet 30.03.2026 13:27:35

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.6.0.

5.3

CVE-2026-25389

  • EPSS 0.04%
  • Veröffentlicht 19.02.2026 08:27:02
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.8.3.

4.3

CVE-2026-1655

  • EPSS 0.01%
  • Veröffentlicht 18.02.2026 07:25:40
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-control...

5.3

CVE-2026-1657

  • EPSS 0.13%
  • Veröffentlicht 17.02.2026 05:29:53
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The EventPrime plugin for WordPress is vulnerable to unauthorized image file upload in all versions up to, and including, 4.2.8.4. This is due to the plugin registering the upload_file_media AJAX action as publicly accessible (nopriv-enabled) without...

8.8

CVE-2026-24380

  • EPSS 0.06%
  • Veröffentlicht 22.01.2026 16:52:46
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.0.

5.3

CVE-2025-14507

  • EPSS 0.02%
  • Veröffentlicht 13.01.2026 13:49:13
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.2.7.0 via the REST API. This makes it possible for unauthenticated attackers to extrac...

4.3

CVE-2025-63006

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 14:52:26
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Missing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.4.1.

4.3

CVE-2025-63007

  • EPSS 0.05%
  • Veröffentlicht 09.12.2025 14:52:26
  • Zuletzt bearbeitet 15.04.2026 00:35:42

Insertion of Sensitive Information Into Sent Data vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Retrieve Embedded Sensitive Data.This issue affects EventPrime: from n/a through <= 4.2.4.1.

4.3

CVE-2025-12498

  • EPSS 0.03%
  • Veröffentlicht 08.11.2025 06:39:56
  • Zuletzt bearbeitet 15.04.2026 00:35:42

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized booking note creation due to a missing capability check on the 'booking_add_notes' function in all versions up to, and including, 4.2.0.0. This ...