Lucene search
+L

4 matches found

Patchstack
Patchstack
added 2024/03/05 12:0 a.m.11 views

WordPress Events Tickets Plus Plugin < 5.9.1 is vulnerable to Broken Access Control

Software Events Tickets Plus Type Plugin Vulnerable versions 5.9.1 Fixed in 5.9.1 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1319 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID b382e64c9059 Credits Scott Kingsley Clark Require...

6.9AI score0.00456EPSS
Exploits2References3Affected Software1
NVD
NVD
added 2024/03/04 9:15 p.m.17 views

CVE-2024-1319

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...

4.3CVSS6.5AI score0.00456EPSS
Exploits2References1
Cvelist
Cvelist
added 2024/03/04 9:0 p.m.30 views

CVE-2024-1319 Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...

6.7AI score0.00456EPSS
Exploits2References1
Vulnrichment
Vulnrichment
added 2024/03/04 9:0 p.m.12 views

CVE-2024-1319 Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...

6.5AI score0.00456EPSS
Exploits2References1
Rows per page
Query Builder