Plugin icon

EventPrime – Events Calendar, Bookings and Tickets

eventprime-event-calendar-management

Vulnerabilities:

38

Last Updated:

April 3, 2026

Active Installs:

7000

Published
Title
Fixed in
CVSS
Published
2026-03-18
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.2.8.4 - Missing Authorization
Fixed in
Fixed in 4.2.8.4
CVSS
5.3 (medium)
Published
2026-03-17
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.2.8.1 - Unauthenticated PHP Object Injection
Fixed in
Fixed in 4.2.8.1
CVSS
8.1 (high)
Published
2026-03-10
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.2.7.0 - Missing Authorization
Fixed in
Fixed in 4.2.7.0
CVSS
5.3 (medium)
Published
2026-02-20
Title
EventPrime < 4.2.8.4 - Unauthenticated Information Exposure
Fixed in
Fixed in 4.2.8.4
CVSS
5.3 (medium)
Published
2026-02-17
Title
EventPrime < 4.2.8.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Event Modification via 'event_id' Parameter
Fixed in
Fixed in 4.2.8.5
CVSS
4.3 (medium)
Published
2026-02-16
Title
EventPrime < 4.2.8.5 - Missing Authorization to Unauthenticated Image Upload via 'ep_upload_file_media' AJAX Endpoint
Fixed in
Fixed in 4.2.8.5
CVSS
5.3 (medium)
Published
2026-01-28
Title
EventPrime < 4.2.8.1 - Missing Authorization
Fixed in
Fixed in 4.2.8.1
CVSS
5.3 (medium)
Published
2026-01-12
Title
EventPrime - Events Calendar, Bookings and Tickets < 4.2.8.0 - Unauthenticated Sensitive Information Exposure via REST API
Fixed in
Fixed in 4.2.8.0
CVSS
5.3 (medium)
Published
2025-11-07
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.2.0.1 - Missing Authorization to Authenticated (Subscriber+) Booking Note Creation
Fixed in
Fixed in 4.2.0.1
CVSS
4.3 (medium)
Published
2025-11-06
Title
EventPrime < 4.2.5.0 - Missing Authorization
Fixed in
Fixed in 4.2.5.0
CVSS
5.3 (medium)
Published
2025-11-06
Title
EventPrime < 4.2.5.0 - Authenticated (Subscriber+) Information Exposure
Fixed in
Fixed in 4.2.5.0
CVSS
4.3 (medium)
Published
2025-03-06
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.0.7.4 - Missing Authorization to Authenticated (Subscriber+) Event Attendees Export
Fixed in
Fixed in 4.0.7.4
CVSS
4.3 (medium)
Published
2024-12-16
Title
EventPrime – Events Calendar, Bookings and Tickets < 4.0.7.4 - Unauthenticated Stored Cross-Site Scripting via Ticket Category and Ticket Type Name
Fixed in
Fixed in 4.0.7.4
CVSS
7.2 (high)
Published
2024-10-23
Title
EventPrime – Modern Events Calendar, Bookings and Tickets < 4.0.4.8 - Unauthenticated Stored Cross-Site Scripting
Fixed in
Fixed in 4.0.4.8
CVSS
6.1 (medium)
Published
2024-10-23
Title
EventPrime – Modern Events Calendar, Bookings and Tickets < 4.0.4.8 - Unauthenticated Stored Cross-Site Scripting via Transaction Log
Fixed in
Fixed in 4.0.4.8
CVSS
6.1 (medium)
Published
2024-09-30
Title
EventPrime < 4.0.4.6 - Open Redirect
Fixed in
Fixed in 4.0.4.6
CVSS
6.1 (medium)
Published
2024-09-09
Title
EventPrime < 4.0.4.4 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure
Fixed in
Fixed in 4.0.4.4
CVSS
5.3 (medium)
Published
2024-08-09
Title
EventPrime < 4.0.4.0 - Missing Authorization via calendar_event_create()
Fixed in
Fixed in 4.0.4.0
CVSS
5.3 (medium)
Published
2024-04-23
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update
Fixed in
Fixed in 3.5.0
CVSS
6.4 (medium)
Published
2024-04-05
Title
EventPrime < 3.3.5 - Unauthenticated Booking Price Manipulation
Fixed in
Fixed in 3.3.5
CVSS
5.3 (medium)
Published
2024-03-25
Title
EventPrime < 3.4.0 - Authenticated (Administrator+) Stored Cross-Site Scripting
Fixed in
Fixed in 3.4.0
CVSS
5.5 (medium)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Sending
Fixed in
Fixed in 3.4.4
CVSS
4.3 (medium)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Unauthenticated Booking Payment Bypass
Fixed in
Fixed in 3.4.3
CVSS
5.3 (medium)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion
Fixed in
Fixed in 3.4.4
CVSS
6.5 (medium)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.3 - Missing Authorization to Arbitrary Post Overwrite
Fixed in
Fixed in 3.4.3
CVSS
6.5 (medium)
Published
2024-03-08
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.4 - Unauthenticated Stored Cross-Site Scripting
Fixed in
Fixed in 3.4.4
CVSS
6.5 (medium)
Published
2024-02-14
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.1 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval
Fixed in
Fixed in 3.4.1
CVSS
5.3 (medium)
Published
2024-02-14
Title
EventPrime – Events Calendar, Bookings and Tickets < 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Event Export
Fixed in
Fixed in 3.4.2
CVSS
4.3 (medium)
Published
2024-02-02
Title
EventPrime < 3.4.0 - Improper Input Validation via save_event_booking
Fixed in
Fixed in 3.4.0
CVSS
5.3 (medium)
Published
2023-12-29
Title
EventPrime < 3.3.6 - Unauthenticated Event Access
Fixed in
Fixed in 3.3.6
CVSS
5.3 (medium)
Published
2023-11-21
Title
EventPrime – Modern Events Calendar, Bookings and Tickets < 3.3.3 - Contributor+ Stored XSS
Fixed in
Fixed in 3.3.3
CVSS
6.4 (medium)
Published
2023-10-30
Title
EventPrime < 3.3.6 - Booking Pricing Bypass
Fixed in
Fixed in 3.3.6
CVSS
4.3 (medium)
Published
2023-10-11
Title
EventPrime < 3.1.6 - Reflected XSS
Fixed in
Fixed in 3.1.6
CVSS
7.1 (high)
Published
2023-10-09
Title
EventPrime < 3.2.0 - Reflected XSS
Fixed in
Fixed in 3.2.0
CVSS
7.1 (high)
Published
2023-10-09
Title
EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter
Fixed in
Fixed in 3.2.0
CVSS
5.4 (medium)
Published
2023-10-09
Title
EventPrime < 3.2.0 - Booking Creation via CSRF
Fixed in
Fixed in 3.2.0
CVSS
4.3 (medium)
Published
2023-06-19
Title
EventPrime < 3.0.6 - Reflected Cross-Site Scripting
Fixed in
Fixed in 3.0.6
CVSS
7.1 (high)
Published
2023-05-22
Title
EventPrime < 3.0.0 - Unauthenticated Reflected XSS
Fixed in
Fixed in 3.0.0
CVSS
7.1 (high)