Vulnerabilities > Metagauss > Eventprime > 3.2.8
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-01-22 | CVE-2023-6447 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | 5.3 |
| 2023-11-27 | CVE-2023-4252 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | 5.3 |