EventPrime

Metagauss

Developer

4.3.2.0

Latest version

7,000

Installations

No date

Last updated

WordPress Plugin

Active VDP

Report vulnerability

Vulnerabilities

Security Policy

Security Contributors

Vulnerability history

0 present

37 patched

16 Mitigation rules

Payment Bypass vulnerability
<= 4.2.8.3
18/03/2026
PHP Object Injection vulnerability
<= 4.2.8.0
17/03/2026
Broken Access Control vulnerability
<= 4.2.6.0
10/03/2026
Sensitive Data Exposure vulnerability
<= 4.2.8.3
20/02/2026
Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter vulnerability
<= 4.2.8.4
18/02/2026
Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint vulnerability
<= 4.2.8.4
16/02/2026
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion vulnerability
<= 3.4.3
03/02/2026
WordPress EventPrime - Events Calendar, Bookings and Tickets plugin <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export vulnerability
<= 3.4.1
03/02/2026
Unauthenticated Booking Payment Bypass vulnerability
<= 3.4.2
03/02/2026
Unauthenticated Sensitive Information Exposure via REST API vulnerability
<= 4.2.7.0
30/01/2026
Broken Access Control vulnerability
<= 4.2.8.0
28/01/2026
Missing Authorization to Authenticated (Subscriber+) Booking Note Creation vulnerability
<= 4.2.0.0
10/11/2025
Sensitive Data Exposure vulnerability
<= 4.2.4.1
06/11/2025
Broken Access Control vulnerability
<= 4.2.4.1
06/11/2025
Subscriber+ Arbitrary booking settings update vulnerability
< 3.5.0
19/05/2025
Missing Authorization to Authenticated (Subscriber+) Event Attendees Export vulnerability
<= 4.0.7.3
06/03/2025
Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name vulnerability
<= 4.0.5.3
16/12/2024
Unauthenticated Stored Cross-Site Scripting vulnerability
<= 4.0.4.7
24/10/2024
Unauthenticated Stored Cross-Site Scripting vulnerability
<= 4.0.4.7
23/10/2024
Open Redirection vulnerability
<= 4.0.4.5
30/09/2024
Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure vulnerability
<= 4.0.4.3
10/09/2024
Broken Access Control vulnerability
<= 4.0.3.2
09/08/2024
Booking Price Manipulation vulnerability
<= 3.3.4
05/04/2024
Cross Site Scripting (XSS) vulnerability
<= 3.3.9
25/03/2024
Multiple Missing Authorization vulnerability
<= 3.4.1
14/03/2024
Unauthenticated Stored Cross-Site Scripting vulnerability
<= 3.4.3
13/03/2024
Multiple Missing Authorization vulnerability
<= 3.4.2
11/03/2024
Multiple Missing Authorization vulnerability
<= 3.4.3
11/03/2024
Broken Access Control vulnerability
<= 3.3.9
02/02/2024
Authenticated(Contributor+) Stored Cross-Site Scripting via Shortcode vulnerability
<= 3.3.2
23/11/2023
Reflected Cross-Site Scripting (XSS) vulnerability
< 3.2.0
31/10/2023
Booking Creation via CSRF vulnerability
< 3.2.0
31/10/2023
Reflected HTML Injection on keyword parameter vulnerability
< 3.2.0
31/10/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 3.1.5
11/10/2023
Reflected Cross Site Scripting (XSS) vulnerability
<= 3.0.5
19/06/2023
Sensitive Data Exposure
<= 2.8.6
22/05/2023
Reflected Cross Site Scripting (XSS)
<= 2.8.6
22/05/2023