The EventPrime plugin for WordPress has a security flaw in versions up to 3.1.5 that allows unauthenticated attackers to inject malicious web scripts into pages. The attackers can do this by creating a link and convincing a user to click on it. This is possible because the plugin did not properly check the input data for security or properly escape the output.
This information is sourced from www.wpvulnerability.com. An open-source database of vulnerabilities maintained by the community. Help us out by submitting vulnerabilities!
Version compare shows which versions have a vulnerability. For example: >= 2.2.8 <= 2.2.21 means:
> from 2.2.8
= including 2.2.8 & 2.2.21
< to 2.2.21
Is this information incorrect? Please leave us a message.
