Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

EventPrime — Vulnerabilities & Security Advisories 27

All 27 CVE vulnerabilities found in EventPrime, with AI-generated Chinese analysis, references, and POCs.

This page serves as a comprehensive vulnerability aggregation resource for EventPrime, focusing on common software weaknesses and security tags associated with the product. It compiles a wide array of reported security flaws, ranging from critical remote code execution flaws and authentication bypasses to less severe information disclosure issues and cross-site scripting vulnerabilities. The data covers security incidents reported from 2018 through the present, ensuring a historical perspective on the product's evolving security posture. Users can utilize this interface to track a vendor's advisories and monitor the frequency and severity of newly disclosed issues over time. Additionally, the page allows analysts to understand specific weakness classes by examining how they manifest within the EventPrime ecosystem, providing context on remediation efforts and patch cycles. By looking up a product's vulnerability history, security teams can assess long-term trends, identify recurring architectural flaws, and evaluate the effectiveness of previous mitigation strategies. This centralized view facilitates deeper risk assessments by correlating individual CVE entries with broader product updates and third-party component changes. The information is structured to support efficient triage and compliance auditing, enabling stakeholders to make informed decisions regarding deployment and upgrade schedules. This resource aims to provide transparency into the security lifecycle of EventPrime, supporting both proactive defense planning and reactive incident response efforts.

Vendor: EventPrime

CVE IDTitleCVSSSeverityPublished
CVE-2026-56053 WordPress EventPrime plugin <= 4.3.4.1 - PHP Object Injection vulnerability CWE-502 8.8 High2026-06-25
CVE-2026-42687 WordPress EventPrime plugin <= 4.3.2.1 - PHP Object Injection vulnerability CWE-502 8.1 High2026-06-15
CVE-2026-42686 WordPress EventPrime plugin <= 4.3.2.1 - Cross Site Scripting (XSS) vulnerability CWE-79 7.1 High2026-06-15
CVE-2026-39518 WordPress EventPrime plugin <= 4.3.0.0 - Insecure Direct Object References (IDOR) vulnerability CWE-639 7.1 High2026-06-15
CVE-2026-42669 WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability CWE-862 7.5 High2026-06-02
CVE-2026-24378 WordPress EventPrime plugin <= 4.2.8.0 - PHP Object Injection vulnerability CWE-502 9.8 Critical2026-03-25
CVE-2025-69358 WordPress EventPrime plugin <= 4.2.6.0 - Broken Access Control vulnerability CWE-862 7.5 High2026-03-25
CVE-2026-25312 WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability CWE-862 7.5 High2026-03-19
CVE-2026-25389 WordPress EventPrime plugin <= 4.2.8.3 - Sensitive Data Exposure vulnerability CWE-497 5.3 Medium2026-02-19
CVE-2026-24380 WordPress EventPrime plugin <= 4.2.8.0 - Broken Access Control vulnerability CWE-862 5.3 Medium2026-01-22
CVE-2025-63007 WordPress EventPrime plugin <= 4.2.4.1 - Sensitive Data Exposure vulnerability CWE-201 4.3 Medium2025-12-09
CVE-2025-63006 WordPress EventPrime plugin <= 4.2.4.1 - Broken Access Control vulnerability CWE-862 4.3 Medium2025-12-09
CVE-2024-4665 EventPrime – Events Calendar, Bookings and Tickets < 3.5.0 - Subscriber+ Arbitrary booking settings update 4.3AIMediumAI2025-05-15
CVE-2024-43223 WordPress EventPrime plugin <= 4.0.3.2 - Broken Access Control vulnerability CWE-862 4.3 Medium2024-11-01
CVE-2024-47648 WordPress EventPrime plugin <= 4.0.4.5 - Open Redirection vulnerability CWE-601 4.7 Medium2024-10-10
CVE-2024-31275 WordPress EventPrime plugin <= 3.3.4 - Booking Price Manipulation vulnerability CWE-862 8.2 High2024-06-09
CVE-2023-33321 WordPress EventPrime plugin <= 2.8.6 - Sensitive Data Exposure CWE-862 5.3 Medium2024-05-17
CVE-2024-29776 WordPress EventPrime plugin <= 3.3.9 - Cross Site Scripting (XSS) vulnerability 5.9 Medium2024-03-27
CVE-2024-24832 WordPress EventPrime plugin <= 3.3.9 - Broken Access Control vulnerability CWE-862 8.2 High2024-03-23
CVE-2023-6447 EventPrime < 3.3.6 - Unauthenticated Event Access 5.3 -2024-01-22
CVE-2023-4252 EventPrime <= 3.2.9 - Booking Pricing Bypass 5.3 -2023-11-27
CVE-2023-4250 EventPrime < 3.2.0 - Reflected XSS 6.1 -2023-10-31
CVE-2023-4251 EventPrime < 3.2.0 - Booking Creation via CSRF 4.3 -2023-10-31
CVE-2023-5238 EventPrime < 3.2.0 - Reflected HTML Injection on keyword parameter 6.1 -2023-10-31
CVE-2023-5519 EventPrime < 3.2.0 - Booking Creation via CSRF 4.3 -2023-10-31
CVE-2023-35884 WordPress EventPrime Plugin <= 3.0.5 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-06-20
CVE-2023-33326 WordPress EventPrime Plugin <= 2.8.6 is vulnerable to Cross Site Scripting (XSS) CWE-79 7.1 High2023-05-28

All 27 known CVE vulnerabilities affecting EventPrime with full Chinese analysis, references, and POCs where available.