cleantalk
Vulnerabilities and Security Researches

EventPrime – Events Calendar, Bookings and Tickets, CVE-2023-6447

CVE, Research URL

CVE-2023-6447

Home page URL

Security reports for EventPrime – Events Calendar, Bookings and Tickets

Application

EventPrime – Events Calendar, Bookings and Tickets

Published on
Jan 23, 2024
Research Description
The EventPrime WordPress plugin before 3.3.6 lacks authentication and authorization, allowing unauthenticated visitors to access private and password protected Events by guessing their numeric id/event name.
Affected versions
Min -, max 3.4.0.
Status
vulnerable
Previous vulnerability researches
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-8369) , Sep 11, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-47648) , Oct 03, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9865) , Oct 25, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-12024) , Dec 18, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025