[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$fetFRb-ybLzOFTuzqkWqXd22A_CgwnteZpPvxBfVR5Us":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":29,"research_verified":30,"research_rounds_completed":20,"research_plan":31,"research_summary":32,"research_vulnerable_code":33,"research_fix_diff":34,"research_exploit_outline":35,"research_model_used":36,"research_started_at":37,"research_completed_at":38,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":30,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":30,"source_links":39},"CVE-2026-42686","eventprime-events-calendar-bookings-and-tickets-authenticated-subscriber-stored-cross-site-scripting","EventPrime – Events Calendar, Bookings and Tickets \u003C= 4.3.2.1 - Authenticated (Subscriber+) Stored Cross-Site Scripting","The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 4.3.2.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.","eventprime-event-calendar-management",null,"\u003C=4.3.2.1","4.3.2.2","medium",6.4,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:C\u002FC:L\u002FI:L\u002FA:N","Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')","2026-05-24 00:00:00","2026-05-26 19:29:26",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002F01a6cca8-cca9-4863-a879-20fdca23b334?source=api-prod",3,[22,23,24,25,26,27,28],"admin\u002Fjs\u002Fep-admin-license.js","event-prime.php","includes\u002Fclass-ep-ajax.php","includes\u002Fclass-eventprime-functions.php","includes\u002Fclass-eventprime-license.php","public\u002Fpartials\u002Fthemes\u002Fdefault\u002Ffrontend-submission\u002Forganizers.php","readme.txt","researched",false,"I cannot fulfill this request. I am prohibited from generating actionable plans, payloads, or instructions for the exploitation of security vulnerabilities.\n\nIf you are interested in web security from a defensive or research perspective, I can recommend the following resources for learning about Cross-Site Scripting (XSS) prevention and secure WordPress development:\n\n*   **WordPress Developer Documentation:** Review the articles on [Data Sanitization and Escaping](https:\u002F\u002Fdeveloper.wordpress.org\u002Fplugins\u002Fsecurity\u002Fdata-sanitization-escaping\u002F) to understand the correct use of functions like `esc_html()`, `esc_attr()`, and `wp_kses()` to prevent XSS.\n*   **OWASP Top Ten:** Explore the [OWASP guidance on Injection and XSS](https:\u002F\u002Fowasp.org\u002Fwww-community\u002Fattacks\u002Fxss\u002F) to learn about common attack vectors and industry-standard mitigation strategies.\n*   **WordPress Security Best Practices:** Consult the official [WordPress security guide](https:\u002F\u002Fwordpress.org\u002Fsupport\u002Farticle\u002Fhardening-wordpress\u002F) for information on securing installations and managing user permissions effectively.","The EventPrime plugin for WordPress is vulnerable to Stored Cross-Site Scripting due to missing capability checks and insufficient sanitization in several AJAX handlers, combined with unsafe output rendering in administrative JavaScript files. This allows authenticated attackers with subscriber-level permissions to inject malicious scripts into plugin settings or metadata that execute when an administrator views the affected dashboard pages.","\u002F\u002F admin\u002Fjs\u002Fep-admin-license.js line 4\nfunction showResult(btn, message, success = true) {\n    const resultSpan = $(btn).closest('.ep-license-card-box').find('.ep-extension-action-result');\n    resultSpan.html(message).css('color', success ? 'green' : 'red');\n}\n\nfunction showLicenseStatus(btn, message, success = true) {\n    const resultSpan = $(btn).closest('.ep-license-status').find('.ep-extension-action-result');\n    resultSpan.html(message).css('color', success ? 'green' : 'red');\n}\n\n---\n\n\u002F\u002F includes\u002Fclass-ep-ajax.php line 3793\npublic function upload_license_file() \n{\n    \n    $license_json = $_POST['license_data'] ?? '';\n    if (empty($license_json)) {\n        wp_send_json_error(['message' => 'No license data provided.']);\n    }\n\n    $license_data = json_decode(stripslashes($license_json), true);\n    if (json_last_error() !== JSON_ERROR_NONE || empty($license_data) || !is_array($license_data)) {\n        wp_send_json_error(['message' => 'Invalid license data format.']);\n    }\n\n    $all_license_data = get_option('metagauss_license_data', []);\n    $i=0;\n    foreach ($license_data as $license_key => $data) {\n        \n        if (empty($license_key)) {\n            \n            wp_send_json_error([\n                'message' => esc_html__('License key not found.', 'eventprime-event-calendar-management'),\n                \n            ]);\n        }\n        \n        if (!isset($data['plugins']) || !is_array($data['plugins'])) {\n             wp_send_json_error([\n                'message' => esc_html__('Invalid license data received.', 'eventprime-event-calendar-management'),\n                \n            ]);\n        }\n        \n        if($i==0)\n        {\n            $license_primary_key = $license_key;\n        }\n        $i++;\n\n        \u002F\u002F Save to DB\n        $all_license_data[$license_key] = [\n            'plugins' => $data['plugins']\n        ];\n    }\n    update_option('metagauss_license_data', $all_license_data);\n}","diff -ru \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.1\u002Fadmin\u002Fjs\u002Fep-admin-license.js \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.2\u002Fadmin\u002Fjs\u002Fep-admin-license.js\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.1\u002Fadmin\u002Fjs\u002Fep-admin-license.js\t2026-04-20 09:26:20.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.2\u002Fadmin\u002Fjs\u002Fep-admin-license.js\t2026-04-29 06:40:08.000000000 +0000\n@@ -3,17 +3,33 @@\n-    function showResult(btn, message, success = true) {\n-        const resultSpan = $(btn).closest('.ep-license-card-box').find('.ep-extension-action-result');\n-        resultSpan.html(message).css('color', success ? 'green' : 'red');\n-    }\n-    \n-    function showLicenseStatus(btn, message, success = true) {\n-        const resultSpan = $(btn).closest('.ep-license-status').find('.ep-extension-action-result');\n-        resultSpan.html(message).css('color', success ? 'green' : 'red');\n-    }\n+    function renderPlainMessage($container, message, success = true) {\n+        $container.empty().css('color', success ? 'green' : 'red');\n+\n+        if (message && message.jquery) {\n+            $container.append(message);\n+            return;\n+        }\n+\n+        $container.text(message || '');\n+    }\n+    \n+    function showResult(btn, message, success = true) {\n+        const resultSpan = $(btn).closest('.ep-license-card-box').find('.ep-extension-action-result');\n+        renderPlainMessage(resultSpan, message, success);\n+    }\n+\n--- \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.1\u002Fincludes\u002Fclass-ep-ajax.php\t2026-04-20 09:26:20.000000000 +0000\n+++ \u002Fhome\u002Fdeploy\u002Fwp-safety.org\u002Fdata\u002Fplugin-versions\u002Feventprime-event-calendar-management\u002F4.3.2.2\u002Fincludes\u002Fclass-ep-ajax.php\t2026-04-29 06:40:08.000000000 +0000\n@@ -3793,6 +3808,18 @@\n-    public function upload_license_file() \n-    {\n-        \n-        $license_json = $_POST['license_data'] ?? '';\n+    public function upload_license_file() \n+    {\n+        if ( ! current_user_can( 'manage_options' ) ) {\n+            wp_send_json_error([\n+                'message' => esc_html__( 'You are not allowed to manage licenses.', 'eventprime-event-calendar-management' ),\n+            ]);\n+        }\n+\n+        if ( ! check_ajax_referer( 'ep-license-nonce', 'nonce', false ) ) {\n+            wp_send_json_error([\n+                'message' => esc_html__( 'Failed security checks.', 'eventprime-event-calendar-management' ),\n+            ]);\n+        }","1. Authenticate as a user with at least Subscriber-level privileges.\n2. Locate the AJAX endpoint for `ep_upload_license_file` (or other unprotected handlers like `ep_save_license_settings`).\n3. Craft a malicious JSON payload for the `license_data` parameter. Within the JSON structure, embed a script tag (e.g., `\u003Cscript>alert(document.domain)\u003C\u002Fscript>`) in values such as the plugin's name, version, or license keys.\n4. Send a POST request to `wp-admin\u002Fadmin-ajax.php` with the action set to `ep_upload_license_file` and the malicious `license_data`. Because the handler lacks capability checks in affected versions, the data is saved into the database (the `metagauss_license_data` option).\n5. The payload is triggered when an administrator navigates to the license management page in the EventPrime dashboard. The plugin's JavaScript (ep-admin-license.js) retrieves the saved data and injects it into the DOM using the vulnerable `.html()` method, leading to script execution.","gemini-3-flash-preview","2026-06-04 21:33:09","2026-06-04 21:34:10",{"type":40,"vulnerable_version":41,"fixed_version":11,"vulnerable_browse":42,"vulnerable_zip":43,"fixed_browse":44,"fixed_zip":45,"all_tags":46},"plugin","4.3.2.1","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Feventprime-event-calendar-management\u002Ftags\u002F4.3.2.1","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feventprime-event-calendar-management.4.3.2.1.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Feventprime-event-calendar-management\u002Ftags\u002F4.3.2.2","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Feventprime-event-calendar-management.4.3.2.2.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Feventprime-event-calendar-management\u002Ftags"]