WordPress EventPrime Plugin <= 3.4.3 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.3 Fixed in 3.4.4 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1124 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 5630665ed0a8 Credits Lucio Sá Required privilege...

CVE-2024-1124

creationtimestamp| type| source ---|---|--- 2024-03-09 08:26:43+00:00| seen| https://t.me/ctinow/203813 2024-03-09 08:26:51+00:00| seen| https://t.me/ctinow/203819...

CVE-2024-1124

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the epsendattendeesemail function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...

CVE-2024-1124

CVE-2024-1124 concerns EventPrime – Events Calendar, Bookings and Tickets for WordPress. Multiple connected sources confirm the vulnerability exists in all versions up to and including 3.4.1, arising from a missing capability check in ep_send_attendees_email(), which permits authenticated attacke...