Vulnerabilities > Metagauss > Eventprime > 4.0.4.1

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-12024 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the em_ticket_category_data and em_ticket_individual_data parameters in all versions up to, and including, 4.0.5.3 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-10-24 CVE-2024-9864 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-10-24 CVE-2024-9865 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ep_booking_attendee_fields’ fields in all versions up to, and including, 4.0.4.7 due to insufficient input sanitization and output escaping.
network
low complexity
metagauss CWE-79
6.1
6.1
2024-09-10 CVE-2024-8369 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3.
network
low complexity
metagauss CWE-862
5.3
5.3