CVE-2024-4665

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*

History

04 Jun 2025, 20:10

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-05-15 20:15

Updated : 2025-06-04 20:10

NVD link : CVE-2024-4665

Mitre link : CVE-2024-4665

CVE.ORG link : CVE-2024-4665

JSON object : View

Products Affected

metagauss

eventprime

CWE

NVD-CWE-noinfo

5.3 /10