CVE-2026-25312
WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerabilityMissing Authorization vulnerability in Metagauss EventPrime eventprime-event-calendar-management allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through <= 4.2.8.3.
We have discovered 999 live websites that are affected by CVE-2026-25312.
Affected Software
| Product |  Eventprime Event Calendar Management |
| Category | Wordpress Plugins |
| Vulnerable Domains | 999 live websites (52% of Eventprime Event Calendar Management install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 71 versions ( 89% of all versions) |
Details
- Published - Mar 19, 2026
- Updated - Apr 29, 2026
Credits
- Dr. M Fahad Khan | Patchstack Bug Bounty Program (finder)
CVE References
Website Distribution by Country
Number of websites using CVE-2026-25312 United States | 283 websites |
 Germany | 196 websites |
 GB | 67 websites |
 France | 64 websites |
 Netherlands | 34 websites |
 Italy | 32 websites |
 Switzerland | 28 websites |
 Canada | 26 websites |
 Spain | 21 websites |
 South Africa | 21 websites |
Website Distribution by TLD
Number of websites using CVE-2026-25312| .com | 307 websites |
| .de | 145 websites |
| .org | 135 websites |
| .nl | 31 websites |
| .co.uk | 26 websites |
| .ch | 25 websites |
| .it | 24 websites |
| .fr | 24 websites |
| .org.uk | 19 websites |
| .com.au | 16 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2026-25312
Top websites that are affected by CVE-2026-25312. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.hu |  Hungary | ***,*** | |
| ************.org | United States | ***,*** | |
| **************.org | United States | ***,*** | |
| *********.com | Canada | ***,*** | |
| **************.de | Germany | ***,*** | |
| **.********.com | Germany | ***,*** | |
| ************.com | Italy | ***,*** | |
| **************.de | Germany | ***,*** | |
| ***.org | United States | ***,*** | |
| *****.org | France | ***,*** |
FAQ
A total of 999 websites have been identified as vulnerable to CVE-2026-25312, based on global website indexing conducted by WebTechSurvey.
The Eventprime Event Calendar Management is affected by the CVE-2026-25312 vulnerability.
Eventprime Event Calendar Management versions up to and including 4.2.8.3 are vulnerable to CVE-2026-25312.