3 matches found
EUVD-2026-40264
The Fluent Booking WordPress plugin before 2.1.2 does not verify ownership of the requested groupid before exporting attendee data via the export endpoint, allowing users with at least the Calendar Manager role to retrieve attendees' PII name, email, phone, address, payment information from...
PT-2024-16868 · WordPress · Eventprime – Events Calendar
Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.1 Description: The issue is related to unauthorized access of data due to a missing capability check on the get attendees email by...
PT-2024-16346 · WordPress · Event Tickets/Registration
Name of the Vulnerable Software and Affected Versions: Event Tickets and Registration plugin for WordPress versions up to, and including, 5.8.1 Description: The issue is related to a missing capability check on the email action, allowing authenticated attackers with contributor-level access and...