Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss eventprime vulnerabilities and exploits
(subscribe to this query)
NA
CVE-2023-33326
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
Metagauss Eventprime
NA
CVE-2023-45637
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
Metagauss Eventprime
NA
CVE-2023-35884
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Metagauss Eventprime
NA
CVE-2023-5238
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Metagauss Eventprime
NA
CVE-2023-6447
The EventPrime WordPress plugin prior to 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Metagauss Eventprime
NA
CVE-2023-4250
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Metagauss Eventprime
NA
CVE-2023-4251
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
NA
CVE-2023-4252
The EventPrime WordPress plugin up to and including 3.2.9 specifies the price of a booking in the client request, allowing an malicious user to purchase bookings without payment.
Metagauss Eventprime
NA
CVE-2023-5519
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
NA
CVE-2024-24832
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a up to and including 3.3.9.
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2020-4463
CVE-2024-3400
deserialization
CVE-2024-21788
CVE-2023-42433
CVE-2024-21841
CVE-2024-22095
local file inclusion
memory leak
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »