PatchSiren cyber security CVE debrief
CVE-2026-42687 EventPrime CVE debrief
CVE-2026-42687 is a HIGH severity vulnerability (CVSS Score: 8.1) in the EventPrime plugin versions <= 4.3.2.1. The vulnerability allows unauthenticated PHP object injection. The CVE was published on [cvePublishedAt]2026-06-15T21:16:56.870Z[/cvePublishedAt] and modified on [cveModifiedAt]2026-06-15T21:24:32.790Z[/cveModifiedAt].
- Vendor
- EventPrime
- Product
- Unknown
- CVSS
- HIGH 8.1
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-06-15
- Original CVE updated
- 2026-06-15
- Advisory published
- 2026-06-15
- Advisory updated
- 2026-06-15
Who should care
Users of EventPrime plugin versions <= 4.3.2.1 should apply patches or mitigations to prevent exploitation.
Technical summary
The vulnerability is caused by an unauthenticated PHP object injection in the EventPrime plugin. The CVSS vector is CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H, indicating a High severity vulnerability.
Defensive priority
HIGH
Recommended defensive actions
- Apply patches or updates to EventPrime plugin versions <= 4.3.2.1.
- Refer to [ref-4] for mitigation or vendor reference: Patchstack - WordPress EventPrime plugin 4.3.2.1 PHP Object Injection Vulnerability
Evidence notes
The CVE was reported by Patchstack ([email protected]) and listed in the NVD.
Official resources
-
CVE-2026-42687 CVE record
CVE.org
-
CVE-2026-42687 NVD detail
NVD
-
Source item URL
nvd_modified
- Mitigation or vendor reference
CVE-2026-42687 was published on [cvePublishedAt]2026-06-15T21:16:56.870Z[/cvePublishedAt].