Lucene search
K

4 matches found

RedhatCVE
RedhatCVE
added 2025/05/23 8:22 a.m.6 views

CVE-2024-1126

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...

4.3CVSS6.7AI score0.00444EPSS
Exploits0References1
Patchstack
Patchstack
added 2024/03/14 12:0 a.m.23 views

WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control

Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...

5.3CVSS6.5AI score0.00444EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/03/13 3:27 p.m.16 views

CVE-2024-1126 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval

The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...

4.3CVSS6.7AI score0.00444EPSS
Exploits0References2
CVE
CVE
added 2024/03/13 3:27 p.m.56 views

CVE-2024-1126

CVE-2024-1126 concerns the EventPrime – Events Calendar, Bookings and Tickets WordPress plugin. A missing capability check in get_attendees_email_by_event_id() affects all versions up to 3.4.1, enabling authenticated users with subscriber-level access (and higher) to retrieve the attendees list f...

4.3CVSS6.7AI score0.00444EPSS
Exploits0References2Affected Software1
Rows per page
Query Builder