Description The EventPrime plugin for WordPress is vulnerable to unauthorized modification of data due to improper input validation in the ‘save_event_booking’ function in versions up to, and including, 3.3.9. This makes it possible for unauthenticated attackers to modify the price and other attributes of purchased tickets.