CVE-2024-4665

6.4 MEDIUM

📋 TL;DR

The EventPrime WordPress plugin before version 3.5.0 lacks authorization checks in its booking update and cancel handlers, so any authenticated user can modify or cancel bookings that belong to other users. The same handlers also lack nonce validation, so the actions can be triggered through CSRF against a logged-in victim. Every WordPress site running a vulnerable version of the plugin is affected.

💻 Affected Systems

Products:
  • EventPrime WordPress Plugin
Versions: All versions before 3.5.0
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Any WordPress installation with a vulnerable EventPrime version active is affected; no non-default setting is needed. Exposure is highest on sites that allow open user registration or have many low-privilege accounts, since direct exploitation requires an authenticated session on the site.

📦 What is this software?

EventPrime is a WordPress events calendar plugin that manages event listings and attendee bookings. The booking records it stores for each user are what this vulnerability lets other authenticated users change or cancel.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Any authenticated user, including a low-privilege account, could cancel or modify every event booking on the site, causing significant disruption to event management and potential financial losses from refunds or rescheduling.

🟠

Likely Case

Authenticated users exploiting the vulnerability to tamper with other users' event registrations, leading to confusion, double bookings, or unauthorized cancellations.

🟢

If Mitigated

With the fix applied (capability and ownership checks plus nonce validation), a booking can only be modified by its owner or an administrator, and only by a request that carries a valid nonce for the acting user's session.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Direct exploitation requires any authenticated account on the target site. Because the handlers also lack nonce validation, an attacker without an account can still trigger a booking change by luring a logged-in user to a page that submits the request (CSRF): the victim's own session supplies the authentication, and the missing authorization check means the forged request can target any booking, not just the victim's.
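To make the two missing checks concrete, here is an added example handler, written for this page and not EventPrime's own code, in the shape of a WordPress admin-ajax action that updates a booking: first in the vulnerable shape the advisory describes, then hardened. The action name ep_update_booking, the nonce action ep_booking_nonce, the ep_booking post type and the _ep_status meta key are assumed names, not identifiers taken from the plugin.

```php
<?php
/**
 * Added example, not EventPrime's code. The action name "ep_update_booking",
 * the nonce action "ep_booking_nonce", the "ep_booking" post type and the
 * "_ep_status" meta key are assumptions made for illustration.
 */

// --- Vulnerable shape: wp_ajax_* only requires a logged-in session, so any
// authenticated user can change any booking, and a forged cross-site form
// can submit the request on a victim's behalf because no nonce is checked.
function ep_update_booking_vulnerable() {
    $booking_id = absint( $_POST['booking_id'] );
    $status     = sanitize_text_field( wp_unslash( $_POST['status'] ) );

    update_post_meta( $booking_id, '_ep_status', $status ); // owner never checked
    wp_send_json_success();
}

// --- Hardened shape.
function ep_update_booking_hardened() {
    // 1. CSRF: the nonce is bound to the current user's session and to this
    //    action, so a third-party page cannot obtain it. Dies with 403 on failure.
    check_ajax_referer( 'ep_booking_nonce', 'nonce' );

    $booking_id = isset( $_POST['booking_id'] ) ? absint( $_POST['booking_id'] ) : 0;
    $allowed    = array( 'confirmed', 'cancelled' );
    $status     = isset( $_POST['status'] ) ? sanitize_text_field( wp_unslash( $_POST['status'] ) ) : '';

    if ( ! $booking_id || ! in_array( $status, $allowed, true ) ) {
        wp_send_json_error( 'invalid request', 400 );
    }

    // 2. The target must exist and actually be a booking.
    $booking = get_post( $booking_id );
    if ( ! $booking || 'ep_booking' !== $booking->post_type ) {
        wp_send_json_error( 'not found', 404 );
    }

    // 3. Authorization: the nonce does not establish this. A logged-in attacker
    //    holds a valid nonce for their own session, so the server must still
    //    confirm the caller owns the booking or has an administrative capability.
    $user_id = get_current_user_id();
    if ( (int) $booking->post_author !== $user_id && ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    update_post_meta( $booking_id, '_ep_status', $status );
    wp_send_json_success( array( 'booking_id' => $booking_id, 'status' => $status ) );
}
add_action( 'wp_ajax_ep_update_booking', 'ep_update_booking_hardened' );

// Client side: generate the nonce per page load and send it with the request, e.g.
// wp_localize_script( 'ep-booking', 'epBooking', array(
//     'ajaxUrl' => admin_url( 'admin-ajax.php' ),
//     'nonce'   => wp_create_nonce( 'ep_booking_nonce' ),
// ) );
```

The nonce and the ownership comparison fix different problems: check_ajax_referer stops a third-party page from submitting the request with a victim's cookies, but every logged-in user can obtain a nonce for their own session, so without the post_author comparison (or an equivalent capability check) the authorization bypass would remain.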

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.5.0

Vendor Advisory: https://wpscan.com/vulnerability/50b78cac-cad1-4526-9655-ae0440739796/

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the EventPrime plugin.
4. Click 'Update Now' if an update is available.
5. Alternatively, download version 3.5.0 or later from WordPress.org and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all platforms)

Disable the EventPrime plugin until it can be updated. This removes the vulnerable handlers entirely but also takes event booking offline.

wp plugin deactivate eventprime

Confirm the plugin slug first with the installed-plugins list from WP-CLI; the plugin's directory name can differ from its display name, and the command fails if the slug is wrong.

Access Restriction (applies to: all platforms)

Disable open user registration (Settings → General → "Anyone can register") and review existing low-privilege accounts. Direct exploitation needs an authenticated session on the site, so reducing who can log in reduces exposure. This does not address CSRF against users who legitimately remain logged in.

🧯 If You Can't Patch

  • Web application firewall rules are of limited use: an attacker's request is a normally authenticated booking update, indistinguishable in shape from the owner's. Rules can at most rate-limit booking modification requests per session or restrict them to trusted source IPs.
  • Monitor booking changes for modifications where the acting user is not the booking owner, and keep a regular export of bookings so unauthorized cancellations can be reversed.

🔍 How to Verify

Check if Vulnerable:

In the WordPress admin panel go to Plugins → Installed Plugins → EventPrime and read the version number. If the version is below 3.5.0, the site is vulnerable. When using WP-CLI, confirm the plugin slug against the installed-plugins list first, since the directory name can differ from the display name.

Check Version:

wp plugin get eventprime --field=version

Verify Fix Applied:

Confirm EventPrime plugin version is 3.5.0 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators (WordPress core does not log booking changes; these require an audit-logging plugin or the plugin's own booking records):

  • Multiple booking modifications from a single user account
  • Booking changes where the acting user ID does not match the booking owner

Network Indicators:

  • POST requests to the plugin's booking update or cancel endpoints (admin-ajax.php or the plugin's form handlers) whose Referer or Origin is a third-party site, which is characteristic of CSRF
  • Bursts of booking modification requests from one session or IP

SIEM Query (illustrative; field names depend on the audit-logging source feeding your SIEM):

source="wordpress" AND (event="booking_update" OR event="booking_cancel") AND user_id != booking_owner_id
