Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
metagauss eventprime vulnerabilities and exploits
(subscribe to this query)
6.1
CVSSv3
CVE-2023-45637
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
Metagauss Eventprime
6.1
CVSSv3
CVE-2023-33326
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
Metagauss Eventprime
6.1
CVSSv3
CVE-2023-4250
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
Metagauss Eventprime
4.3
CVSSv3
CVE-2023-4251
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
5.3
CVSSv3
CVE-2023-4252
The EventPrime WordPress plugin up to and including 3.2.9 specifies the price of a booking in the client request, allowing an malicious user to purchase bookings without payment.
Metagauss Eventprime
5.3
CVSSv3
CVE-2023-6447
The EventPrime WordPress plugin prior to 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Metagauss Eventprime
6.1
CVSSv3
CVE-2023-5238
The EventPrime WordPress plugin prior to 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
Metagauss Eventprime
6.1
CVSSv3
CVE-2023-35884
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
Metagauss Eventprime
4.3
CVSSv3
CVE-2023-5519
The EventPrime WordPress plugin prior to 3.2.0 does not have CSRF checks when creating bookings, which could allow malicious users to make logged in users create unwanted bookings via CSRF attacks.
Metagauss Eventprime
NA
CVE-2023-33321
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a up to and including 2.8.6.
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
SSTI
CVE-2024-35863
CVE-2024-35910
man-in-the-middle
CVE-2024-35912
CVE-2024-25742
LFI
CVE-2024-32002
CVE-2024-22120
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
1
2
NEXT »