cleantalk
Vulnerabilities and Security Researches

EventPrime – Events Calendar, Bookings and Tickets, CVE-2024-4665

CVE, Research URL

CVE-2024-4665

Home page URL

Security reports for EventPrime – Events Calendar, Bookings and Tickets

Application

EventPrime – Events Calendar, Bookings and Tickets

Published on
May 16, 2025
Research Description
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
Affected versions
Min -, max 3.5.0.
Status
vulnerable
Previous vulnerability researches
Weluka Lite (CVE-2025-4591) , May 16, 2025
New vulnerability
AI ChatBot (CVE-2025-0329) , May 19, 2025
Auto Affiliate Links (CVE-2024-9838) , May 19, 2025
Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One (CVE-2025-2203) , May 19, 2025
Team – WordPress Team Members Showcase Plugin (CVE-2024-9236) , May 19, 2025
Z-Downloads (CVE-2024-8703) , May 19, 2025