cleantalk
Vulnerabilities and Security Researches

EventPrime – Events Calendar, Bookings and Tickets, CVE-2024-4665

CVE, Research URL

CVE-2024-4665

Home page URL

Security reports for EventPrime – Events Calendar, Bookings and Tickets

Application

EventPrime – Events Calendar, Bookings and Tickets

Published on
May 16, 2025
Research Description
The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.
Affected versions
Min -, max 3.5.0.
Status
vulnerable
Previous vulnerability researches
Wise Chat (CVE-2024-13613) , May 18, 2025
Wise Chat (CVE-2023-32504) , Jun 07, 2024
Wise Chat (CVE-2019-6780) , Jun 07, 2024
New vulnerability
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-8426) , May 19, 2025
Page Builder: Pagelayer – Drag and Drop website builder (CVE-2024-8618) , May 19, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-4665) , May 19, 2025
Quiz Maker (CVE-2024-8617) , May 19, 2025
Advanced Cron Manager – debug & control (CVE-2024-4004) , May 18, 2025