CVE-2024-4665

The EventPrime WordPress plugin before 3.5.0 does not properly validate permissions when updating bookings, allowing users to change/cancel bookings for other users. Additionally, the feature is lacking a nonce.

CVSS v3 6.4 MEDIUM

6.4^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 2.7

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:metagauss:eventprime:*:*:*:*:*:wordpress:*:*

History

13 Nov 2025, 21:15

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~5.3~~	v2 : unknown v3 : 6.4

Information

Published : 2025-05-15 20:15

Updated : 2025-11-13 21:15

NVD link : CVE-2024-4665

Mitre link : CVE-2024-4665

CVE.ORG link : CVE-2024-4665

JSON object : View

Products Affected

metagauss

eventprime

CWE

NVD-CWE-noinfo

6.4 /10