WordPress Plugin Vulnerabilities

EventPrime < 4.0.4.4 - Missing Authorization to Unauthenticated Private or Password-Protected Events Disclosure

Description

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. This makes it possible for unauthenticated attackers to view private or password-protected events.

Affects Plugins

Plugin icon
eventprime-event-calendar-management
Fixed in 4.0.4.4

References

CVE
CVE-2024-8369
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/97174ec0-a2b7-455e-9bf8-b6f51546beee

Classification

Type
NO AUTHORISATION
OWASP top 10
A5: Broken Access Control
CWE
CWE-862
CVSS
5.3 (medium)

Miscellaneous

Original Researcher
Miguel Santareno
Verified
No
WPVDB ID
0ccc360c-5902-47ee-b3d9-ca496d844798

Timeline

Publicly Published
2024-09-09 (about 1 year ago)
Added
2024-09-09 (about 1 year ago)
Last Updated
2024-09-10 (about 1 year ago)

Other

Published
Title
Published
2025-06-04
Title
Icegram Collect – Easy Form, Lead Collection and Subscription plugin < 1.3.19 - Missing Authorization
Published
2026-03-11
Title
Advanced Product Fields (Product Addons) for WooCommerce < 1.6.19 - Missing Authorization
Published
2024-07-11
Title
ReDi Restaurant Reservation < 24.0712 - Missing Authorization
Published
2024-09-24
Title
Contact Form 7 Campaign Monitor Extension <= 0.4.67 - Missing Authorization to Unauthenticated Arbitrary File Deletion
Published
2022-08-08
Title
Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure