Vulnerabilities > Metagauss > Eventprime > Medium

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-8369 Missing Authorization vulnerability in Metagauss Eventprime
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3.
network
low complexity
metagauss CWE-862
5.3
2024-01-22 CVE-2023-6447 Unspecified vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
network
low complexity
metagauss
5.3
2023-11-27 CVE-2023-4252 Unspecified vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
network
low complexity
metagauss
5.3
2023-10-31 CVE-2023-4250 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
network
low complexity
metagauss CWE-79
6.1
2023-10-31 CVE-2023-4251 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
network
low complexity
metagauss CWE-352
4.3
2023-10-31 CVE-2023-5238 Cross-site Scripting vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
network
low complexity
metagauss CWE-79
6.1
2023-10-31 CVE-2023-5519 Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
network
low complexity
metagauss CWE-352
4.3
2023-10-25 CVE-2023-45637 Cross-site Scripting vulnerability in Metagauss Eventprime
Unauth.
network
low complexity
metagauss CWE-79
6.1
2023-06-20 CVE-2023-35884 Cross-site Scripting vulnerability in Metagauss Eventprime
Unauth.
network
low complexity
metagauss CWE-79
6.1
2023-05-28 CVE-2023-33326 Cross-site Scripting vulnerability in Metagauss Eventprime
Unauth.
network
low complexity
metagauss CWE-79
6.1