PT-2026-2445 · WordPress · Eventprime – Events Calendar
Deadbee · Published 2026-01-13 · Updated 2026-01-13
CVE-2025-14507
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress versions prior to 4.2.7.1
Description
The EventPrime - Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to sensitive information disclosure via the REST API. An unauthenticated attacker can extract sensitive booking data, including user names, email addresses, ticket details, payment information, and order keys, when the API is enabled by an administrator. The vulnerability was partially addressed in version 4.2.7.0, but remained exploitable. The affected API endpoint is not specified. The vulnerable parameter is not specified.
Recommendations
Update to version 4.2.7.1 or later.
Fix
Information Disclosure
Affected Products
Eventprime – Events Calendar