Every CVE whose affected-product data names Metagauss Eventprime, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (27)
CVE-2024-31275 — CVSS 8.2 (high): Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.4.
CVE-2024-24832 — CVSS 8.2 (high): Missing Authorization vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
CVE-2024-12024 — CVSS 7.2 (high): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2023-45637 — CVSS 7.1 (high): Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <=…
CVE-2024-1123 — CVSS 6.5 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a…
CVE-2024-1320 — CVSS 6.5 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2024-4665 — CVSS 6.4 (medium): The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel…
CVE-2023-5238 — CVSS 6.1 (medium): The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape a parameter before outputting it back in the page, leading to an…
CVE-2023-4250 — CVSS 6.1 (medium): The EventPrime WordPress plugin before 3.2.0 does not sanitise and escape some parameters before outputting them back in the page, leading…
CVE-2024-9865 — CVSS 6.1 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the…
CVE-2024-9864 — CVSS 6.1 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via ticket names…
CVE-2024-29776 — CVSS 5.9 (medium): Cross Site Scripting (XSS) vulnerability in Metagauss EventPrime.This issue affects EventPrime: from n/a through 3.3.9.
CVE-2024-1125 — CVSS 5.4 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing…
CVE-2023-33321 — CVSS 5.3 (medium): Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This…
CVE-2023-4252 — CVSS 5.3 (medium): The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase…
CVE-2023-6447 — CVSS 5.3 (medium): The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private…
CVE-2024-1321 — CVSS 5.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and…
CVE-2024-8369 — CVSS 5.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or…
CVE-2024-1127 — CVSS 4.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2024-1126 — CVSS 4.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing…
CVE-2024-43223 — CVSS 4.3 (medium): Missing Authorization vulnerability in EventPrime Events EventPrime allows Exploiting Incorrectly Configured Access Control Security…
CVE-2024-1124 — CVSS 4.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing…
CVE-2023-4251 — CVSS 4.3 (medium): The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged…
CVE-2023-5519 — CVSS 4.3 (medium): The EventPrime WordPress plugin before 3.2.0 does not have CSRF checks when creating bookings, which could allow attackers to make logged…
CVE-2024-13526 — CVSS 4.3 (medium): The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing…