cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2024-12024,https://securityvulnerability.io/vulnerability/CVE-2024-12024,Stored Cross-Site Scripting Vulnerability in EventPrime for WordPress Plugin,"CVE-2024-12024 refers to a significant stored Cross-Site Scripting (XSS) vulnerability present in the EventPrime plugin for WordPress. This vulnerability allows unauthenticated attackers to exploit the em_ticket_category_data and em_ticket_individual_data parameters due to inadequate input sanitization and output escaping present in all versions up to and including 4.0.5.3. If the 'Guest Submissions' feature is enabled, malicious scripts can be injected into pages, triggering execution whenever an administrative user visits a compromised page. Given the potential for extensive exploitation, this vulnerability poses a critical security risk to websites utilizing the EventPrime plugin.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",6.1,MEDIUM,0.000590000010561198,false,,false,false,false,,false,false,2024-12-17T09:22:41.540Z,0
CVE-2024-9864,https://securityvulnerability.io/vulnerability/CVE-2024-9864,Stored Cross-Site Scripting Vulnerability in EventPrime Plugin,"The Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to a Stored Cross-Site Scripting (XSS) vulnerability due to inadequate input sanitization and output escaping mechanisms. This vulnerability affects all plugin versions up to and including 4.0.4.7. Attackers who are able to submit new events with ticket names can inject arbitrary web scripts into web pages. These scripts execute whenever an affected page is accessed by users, posing significant threats to website security and user data integrity.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-10-24T06:50:24.709Z,0
CVE-2024-9865,https://securityvulnerability.io/vulnerability/CVE-2024-9865,Stored Cross-Site Scripting Vulnerability Affects EventPrime's WordPress Plugin,"The Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to a Stored Cross-Site Scripting vulnerability. This flaw is present in the ‘ep_booking_attendee_fields’ fields in all versions up to and including 4.0.4.7. Due to a lack of proper input sanitization and output escaping, unauthenticated attackers can exploit this vulnerability to inject arbitrary web scripts. These scripts are executed whenever a user accesses the transaction log for a booking, posing a significant security risk to site users and their data.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",6.1,MEDIUM,0.0005200000014156103,false,,false,false,false,,false,false,2024-10-24T06:50:23.856Z,0
CVE-2024-8369,https://securityvulnerability.io/vulnerability/CVE-2024-8369,Unauthorized Access to Private or Password-Protected Events Due to Missing Authorization Checks in EventPrime Plugin,"The Events Calendar, Bookings and Tickets plugin for WordPress has a security vulnerability that compromises private and password-protected events. Versions up to and including 4.0.4.3 lack proper authorization checks, enabling unauthorized individuals to access sensitive event information without the need for authentication. This could result in unwanted exposure of private event details, potentially affecting user privacy and data security.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-09-10T11:30:31.628Z,0
CVE-2024-1126,https://securityvulnerability.io/vulnerability/CVE-2024-1126,Unauthorized Access to Attendees List in EventPrime Plugin Due to Missing Capability Check,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve the attendees list for any event.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:27:16.554Z,0
CVE-2024-1321,https://securityvulnerability.io/vulnerability/CVE-2024-1321,Payment Bypass Vulnerability in EventPrime Events Calendar Plugin for WordPress,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress has a significant security issue that enables unauthenticated users to manipulate order payment statuses. This flaw allows attackers to bypass payment requirements entirely, resulting in unauthorized access to event bookings without any charge. All versions up to and including 3.4.2 are affected, making it essential for users to update promptly to secure their applications against unapproved event registrations.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-13T15:26:56.986Z,0
CVE-2024-1127,https://securityvulnerability.io/vulnerability/CVE-2024-1127,Data Exposure Risk in EventPrime Plugin for WordPress,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress has a vulnerability that permits unauthorized access to sensitive data. This issue arises from a missing capability check in the booking_export_all() function, allowing authenticated users with subscriber-level access or higher to retrieve all event bookings, potentially exposing personally identifiable information (PII). It is crucial for site administrators to ensure all installations of the affected plugin are updated to protect against this data exposure risk.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",4.3,MEDIUM,0.00044999999227002263,false,,false,false,false,,false,false,2024-03-13T15:26:44.282Z,0
CVE-2024-1125,https://securityvulnerability.io/vulnerability/CVE-2024-1125,Unauthorized Data Loss in EventPrime Plugin Due to Missing Capability Check,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary posts.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",5.3,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-03-09T07:01:10.355Z,0
CVE-2024-1320,https://securityvulnerability.io/vulnerability/CVE-2024-1320,Stored Cross-Site Scripting Vulnerability in EventPrime's Events Calendar Plugin,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",6.1,MEDIUM,0.0004600000102072954,false,,false,false,false,,false,false,2024-03-09T07:01:09.784Z,0
CVE-2024-1123,https://securityvulnerability.io/vulnerability/CVE-2024-1123,Unauthorized Modification of Data in EventPrime Plugin Due to Missing Capability Check,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with subscriber-level access and above, to overwrite the title and content of arbitrary posts. This can also be exploited by unauthenticated attackers when the allow_submission_by_anonymous_user setting is enabled.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",6.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-09T07:01:09.193Z,0
CVE-2024-1124,https://securityvulnerability.io/vulnerability/CVE-2024-1124,Unauthorized Email Sending Vulnerability in EventPrime Plugin,"The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to send arbitrary emails with arbitrary content from the site.",Wordpress,"Eventprime – Events Calendar, Bookings And Tickets",4.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,false,false,2024-03-09T07:01:04.693Z,0