WordPress Eventer plugin <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export

Missing Authorization to Authenticated Subscriber+ Bookings Export vulnerability discovered by István Márton in WordPress Plugin Eventer versions = 3.9.9...

CVE-2024-11134 Eventer <= 3.9.9 - Missing Authorization to Authenticated (Subscriber+) Bookings Export

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventerexportbookingscsv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to...

PT-2024-16874 · WordPress · Eventprime – Events Calendar

Name of the Vulnerable Software and Affected Versions: The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress versions up to, and including, 3.4.1 Description: The issue allows unauthorized access to data due to a missing capability check on the booking export all function...