Filtered by vendor Metagauss Subscriptions
Filtered by product Eventprime Subscriptions
Total 11 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2023-4252 1 Metagauss 1 Eventprime 2024-11-21 5.3 Medium
The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
CVE-2024-31275 1 Metagauss 1 Eventprime 2024-11-21 8.2 High
Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
CVE-2023-6447 1 Metagauss 1 Eventprime 2024-11-21 5.3 Medium
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
CVE-2023-5519 1 Metagauss 1 Eventprime 2024-11-21 4.3 Medium
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
CVE-2023-5238 1 Metagauss 1 Eventprime 2024-11-21 6.1 Medium
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an HTML Injection on the plugin in the search area of the website.
CVE-2023-4251 1 Metagauss 1 Eventprime 2024-11-21 4.3 Medium
The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged in users create unwanted bookings via CSRF attacks.
CVE-2023-4250 1 Metagauss 1 Eventprime 2024-11-21 6.1 Medium
The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2023-45637 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5 versions.
CVE-2023-35884 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 3.0.5 versions.
CVE-2023-33326 1 Metagauss 1 Eventprime 2024-11-21 7.1 High
Unauth. Reflected (XSS) Cross-Site Scripting (XSS) vulnerability in EventPrime plugin <= 2.8.6 versions.
CVE-2024-8369 1 Metagauss 1 Eventprime 2024-09-26 5.3 Medium
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events.