Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

EventPrime – Events Calendar, Bookings and Tickets — Vulnerabilities & Security Advisories 17

All 17 CVE vulnerabilities found in EventPrime – Events Calendar, Bookings and Tickets, with AI-generated Chinese analysis, references, and POCs.

Vendor: EventPrime

CVE IDTitleCVSSSeverityPublished
CVE-2026-1655 EventPrime <= 4.2.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter CWE-862 4.3 Medium2026-02-18
CVE-2026-1657 EventPrime <= 4.2.8.4 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint CWE-862 5.3 Medium2026-02-17
CVE-2025-14507 EventPrime - Events Calendar, Bookings and Tickets <= 4.2.7.0 - Unauthenticated Sensitive Information Exposure via REST API CWE-200 5.3 Medium2026-01-13
CVE-2025-12498 EventPrime – Events Calendar, Bookings and Tickets <= 4.2.0.0 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation CWE-862 4.3 Medium2025-11-08
CVE-2024-13526 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export CWE-862 4.3 Medium2025-03-07
CVE-2024-12024 EventPrime – Events Calendar, Bookings and Tickets <= 4.0.7.3 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name CWE-79 7.2 High2024-12-17
CVE-2024-9864 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting CWE-79 6.1 Medium2024-10-24
CVE-2024-9865 EventPrime – Modern Events Calendar, Bookings and Tickets <= 4.0.4.7 - Unauthenticated Stored Cross-Site Scripting via Transaction Log CWE-79 6.1 Medium2024-10-24
CVE-2024-8369 EventPrime <= 4.0.4.3 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure CWE-862 5.3 Medium2024-09-10
CVE-2024-1126 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval CWE-862 4.3 Medium2024-03-13
CVE-2024-1321 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Unauthenticated Booking Payment Bypass CWE-345 5.3 Medium2024-03-13
CVE-2024-1127 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Event Export CWE-862 4.3 Medium2024-03-13
CVE-2024-1320 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Unauthenticated Stored Cross-Site Scripting CWE-79 6.5 Medium2024-03-09
CVE-2024-1125 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion CWE-862 5.4 Medium2024-03-09
CVE-2024-1123 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Arbitrary Post Overwrite CWE-862 6.5 Medium2024-03-09
CVE-2024-1124 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending CWE-862 4.3 Medium2024-03-09
CVE-2023-45637 WordPress EventPrime Plugin <= 3.1.5 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-10-24

All 17 known CVE vulnerabilities affecting EventPrime – Events Calendar, Bookings and Tickets with full Chinese analysis, references, and POCs where available.