EventPrime WordPress Plugin Arbitrary Booking Modification Vulnerability

Vulnerability

Versions of the EventPrime WordPress plugin prior to 3.5.0 fail to properly validate user permissions when updating bookings. This flaw allows users to change or cancel bookings made by others. Additionally, the booking update feature does not include a nonce, so update requests carry no CSRF protection.
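For plugin developers, the two missing checks described above (a nonce and an ownership or capability check) look like this in a WordPress AJAX handler. This is an added example, not EventPrime's code: the action name, nonce action, post type, meta key, request fields and the use of post_author as the booking owner are all assumptions made for illustration.

```php
<?php
// Added illustration: a hypothetical booking-update handler, NOT EventPrime's code.
// Assumed names: action 'example_update_booking', post type 'example_booking',
// meta key 'example_booking_status', request fields 'nonce', 'booking_id', 'status'.

// wp_ajax_{action} fires only for logged-in users; no wp_ajax_nopriv_ hook is registered.
add_action( 'wp_ajax_example_update_booking', 'example_update_booking' );

function example_update_booking() {
    // 1. CSRF: require a valid nonce bound to this action.
    //    check_ajax_referer() terminates the request with a 403 on failure.
    check_ajax_referer( 'example_update_booking', 'nonce' );

    // Load the booking named in the request and confirm it is a booking at all.
    $booking_id = isset( $_POST['booking_id'] ) ? absint( $_POST['booking_id'] ) : 0;
    $booking    = $booking_id ? get_post( $booking_id ) : null;
    if ( ! $booking || 'example_booking' !== $booking->post_type ) {
        wp_send_json_error( array( 'message' => 'Booking not found.' ), 404 );
    }

    // 2. Authorization: the caller must own this booking (assumed to be stored
    //    as post_author) or hold the capability to edit it.
    $is_owner = ( (int) $booking->post_author === get_current_user_id() );
    if ( ! $is_owner && ! current_user_can( 'edit_post', $booking_id ) ) {
        wp_send_json_error( array( 'message' => 'Not allowed.' ), 403 );
    }

    // 3. Accept only known status values instead of writing request data as-is.
    $status = isset( $_POST['status'] ) ? sanitize_key( wp_unslash( $_POST['status'] ) ) : '';
    if ( ! in_array( $status, array( 'confirmed', 'cancelled' ), true ) ) {
        wp_send_json_error( array( 'message' => 'Invalid status.' ), 400 );
    }

    update_post_meta( $booking_id, 'example_booking_status', $status );
    wp_send_json_success( array( 'booking_id' => $booking_id, 'status' => $status ) );
}
```

The form or script that calls this handler would obtain the matching token with `wp_create_nonce( 'example_update_booking' )`.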

Impact

Exploitation of this vulnerability could lead to unauthorized users being able to modify or cancel bookings for other users, potentially causing disruption or confusion in event management.

Remediation

Users are advised to update the EventPrime WordPress plugin to version 3.5.0 or later.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.