Vulnerabilities > Metagauss > Eventprime > Medium
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-8369 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. | 5.3 |
2024-01-22 | CVE-2023-6447 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | 5.3 |
2023-11-27 | CVE-2023-4252 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | 5.3 |
2023-10-31 | CVE-2023-4250 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
2023-10-31 | CVE-2023-4251 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | 4.3 |
2023-10-31 | CVE-2023-5238 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | 6.1 |
2023-10-31 | CVE-2023-5519 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | 4.3 |
2023-10-25 | CVE-2023-45637 | Cross-site Scripting vulnerability in Metagauss Eventprime Unauth. | 6.1 |
2023-06-20 | CVE-2023-35884 | Cross-site Scripting vulnerability in Metagauss Eventprime Unauth. | 6.1 |
2023-05-28 | CVE-2023-33326 | Cross-site Scripting vulnerability in Metagauss Eventprime Unauth. | 6.1 |