Vulnerabilities > Metagauss > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-03-09 | CVE-2024-1125 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. | 5.3 |
| 2024-03-09 | CVE-2024-1320 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. | 6.1 |
| 2024-02-01 | CVE-2023-51509 | Unspecified vulnerability in Metagauss Registrationmagic Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Metagauss RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login allows Reflected XSS.This issue affects RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login: from n/a through 5.2.4.1. | 6.1 |
| 2024-01-22 | CVE-2023-6447 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name. | 5.3 |
| 2023-11-27 | CVE-2023-4252 | Unspecified vulnerability in Metagauss Eventprime The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment. | 5.3 |
| 2023-10-31 | CVE-2023-4250 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin. | 6.1 |
| 2023-10-31 | CVE-2023-4251 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | 4.3 |
| 2023-10-31 | CVE-2023-5238 | Cross-site Scripting vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website. | 6.1 |
| 2023-10-31 | CVE-2023-5519 | Cross-Site Request Forgery (CSRF) vulnerability in Metagauss Eventprime The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks. | 4.3 |
| 2023-10-25 | CVE-2023-45637 | Unspecified vulnerability in Metagauss Eventprime Unauth. | 6.1 |