CVE-2026-1655 in EventPrime Plugin
Summary
by MITRE • 02/18/2026
The EventPrime plugin for WordPress is vulnerable to unauthorized post modification due to missing authorization checks in all versions up to, and including, 4.2.8.4. This is due to the save_frontend_event_submission function accepting a user-controlled event_id parameter and updating the corresponding event post without enforcing ownership or capability checks. This makes it possible for authenticated (Customer+) attackers to modify posts created by administrators by manipulating the event_id parameter, provided they can obtain a valid nonce.
Analysis
by VulDB Data Team • 02/18/2026
The vulnerability identified as CVE-2026-1655 affects the EventPrime plugin for WordPress in all versions up to and including 4.2.8.4. It is a critical authorization flaw that undermines the plugin's security model by allowing unauthorized modification of posts created by administrators. The flaw stems from insufficient access control in the plugin's frontend event submission functionality, which gives low-privileged users a path to alter content they should not be able to modify.
The technical flaw lies in the save_frontend_event_submission function, which processes user-controlled input without adequate validation or authorization checks. When a request carries a manipulated event_id parameter, the function updates the corresponding event post directly, without verifying that the requesting user is permitted to modify that specific post. Because the function performs neither ownership verification nor a capability check on the frontend input it receives, it provides a direct vector for privilege escalation. The flaw is particularly concerning because it sits within the authenticated attack surface: a valid account with Customer-level permissions or higher is all that is required.
The operational impact goes beyond simple unauthorized access, since authenticated attackers can modify critical content created by administrators. This allows data manipulation, content injection, and the introduction of malicious code or false information into the event management system. Exploitation requires obtaining a valid nonce; a nonce protects against cross-site request forgery, but it does not establish that the requester is authorized to edit a given post, so in this case it is insufficient to prevent unauthorized modifications. Administrators may consequently lose control over their event content, leading to reputational damage, data integrity problems, and the compromise of event-related information that may contain sensitive details.
This vulnerability aligns with CWE-863, "Incorrect Authorization", which covers the failure to properly verify user permissions before performing privileged operations. The flaw also corresponds to ATT&CK technique T1078.004, "Valid Accounts: Cloud Accounts", which describes how attackers leverage legitimate user credentials to perform unauthorized actions within applications. Organizations should immediately update to the latest plugin version, add input validation, and review all user-facing functions that handle content modification. The recommended fix is to enforce strict capability checks and ownership verification before any post modification is executed, so that only users who created the content, or who hold explicit permission to edit it, can modify it.
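The following added illustration, which is not EventPrime's own code, contrasts the handler pattern the advisory describes (nonce verified, no per-object authorization) with a hardened version that enforces the capability and ownership check WordPress already provides. The function names, the `ep_event` post type, the nonce action and the request keys are assumptions made for the example.

```php
<?php
// Added illustration, not EventPrime's own code. A hypothetical frontend
// "update event" handler (ep_frontend_submission, 'ep_event' and the
// request keys are assumptions) shown in a flawed and a hardened form.

// Flawed pattern: the nonce only proves the request came through the site's
// own form; nothing checks that the caller may edit *this* event_id.
function ep_update_event_insecure( array $request ) {
    if ( ! wp_verify_nonce( $request['_wpnonce'] ?? '', 'ep_frontend_submission' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid nonce.' );
    }
    $event_id = (int) ( $request['event_id'] ?? 0 ); // caller-controlled
    return wp_update_post( array(
        'ID'           => $event_id,
        'post_title'   => sanitize_text_field( $request['title'] ?? '' ),
        'post_content' => wp_kses_post( $request['description'] ?? '' ),
    ), true );
}

// Hardened form: authentication, nonce, post-type check, then a per-object
// capability check. Authorization is decided by WordPress' capability
// system, not by the presence of a nonce.
function ep_update_event_secure( array $request ) {
    if ( ! is_user_logged_in() ) {
        return new WP_Error( 'unauthorized', 'Login required.', array( 'status' => 401 ) );
    }
    if ( ! wp_verify_nonce( $request['_wpnonce'] ?? '', 'ep_frontend_submission' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid nonce.', array( 'status' => 403 ) );
    }
    $event_id = absint( $request['event_id'] ?? 0 );
    $post     = $event_id ? get_post( $event_id ) : null;
    // Reject IDs that do not resolve to an event; a bare ID can otherwise
    // point at any post type (pages, attachments, other plugins' objects).
    if ( ! $post || 'ep_event' !== $post->post_type ) {
        return new WP_Error( 'not_found', 'Event not found.', array( 'status' => 404 ) );
    }
    // The missing control: edit_post is a meta capability that map_meta_cap
    // resolves to edit_others_posts (or the post type's equivalent) when the
    // caller is not the author, so a Customer cannot reach an admin's event.
    if ( ! current_user_can( 'edit_post', $event_id ) ) {
        error_log( sprintf( 'ep: user %d denied edit of event %d', get_current_user_id(), $event_id ) );
        return new WP_Error( 'forbidden', 'You may not edit this event.', array( 'status' => 403 ) );
    }
    return wp_update_post( array(
        'ID'           => $event_id,
        'post_title'   => sanitize_text_field( $request['title'] ?? '' ),
        'post_content' => wp_kses_post( $request['description'] ?? '' ),
    ), true );
}
```

The denied-edit log line gives defenders a simple signal to watch for: repeated 403 results for one account across many event IDs is the access pattern this class of flaw produces.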