EventPrime < 4.0.4.6 – Open Redirect | CVE 2024-47648 | Plugin Vulnerabilities

Description

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 4.0.4.5. This is due to insufficient validation on a redirect url supplied. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an action.

Affects Plugins

eventprime-event-calendar-management

Fixed in 4.0.4.6

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/35c7c089-6517-419e-8ba3-e6c2692fe1ae

Classification

Type

REDIRECT

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

ardias

Verified

No

WPVDB ID

f6931f18-c704-405d-b5af-db89df265eea

Timeline

Publicly Published

2024-09-30 (about 1 year ago)

Added

2024-10-10 (about 1 year ago)

Last Updated

2024-10-10 (about 1 year ago)

Other

Published

Title

Published

2024-05-13

Title

WP Compress – Image Optimizer [All-In-One] < 6.20.02 - Open Redirect via css

Published

2026-01-31

Title

Conditional CAPTCHA <= 4.0.0 - Open Redirect

Published

2023-10-12

Title

Responsive Column Widgets <= 1.2.7 - Open Redirect via responsive_column_widgets_link

Published

2020-08-12

Title

Ultimate Member < 2.1.7 - Unauthenticated Open Redirect

Published

2015-06-05

Title

Freshdesk Support < 1.8 - Open Redirect