4 matches found
CVE-2024-1126
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...
WordPress EventPrime Plugin <= 3.4.1 is vulnerable to Broken Access Control
Software EventPrime Type Plugin Vulnerable versions = 3.4.1 Fixed in 3.4.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1126 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID f1030a0eaeb5 Credits Lucio Sá Required privilege...
CVE-2024-1126 EventPrime – Events Calendar, Bookings and Tickets <= 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Attendee List Retrieval
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the getattendeesemailbyeventid function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, wi...
CVE-2024-1126
CVE-2024-1126 concerns the EventPrime – Events Calendar, Bookings and Tickets WordPress plugin. A missing capability check in get_attendees_email_by_event_id() affects all versions up to 3.4.1, enabling authenticated users with subscriber-level access (and higher) to retrieve the attendees list f...