5 matches found
CVE-2024-1316
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...
WordPress Events Tickets Plus Plugin < 5.9.1 is vulnerable to Broken Access Control
Software Events Tickets Plus Type Plugin Vulnerable versions 5.9.1 Fixed in 5.9.1 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2024-1316 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 2dfabd1f95ab Credits Scott Kingsley Clark Require...
CVE-2024-1316 Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...
CVE-2024-1316
The CVE-2024-1316 issue affects the WordPress plugins Event Tickets and Registration (pre-5.8.1) and Events Tickets Plus (pre-5.9.1). Reports across multiple sources identify a vulnerability where users with at least the Contributor role can leak the existence of certain events they should not ac...
CVE-2024-1316 Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review,...