5 matches found
CVE-2024-1319 Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...
CVE-2024-1319 Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts...
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets Plus ...
Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
Description The plugin does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. e.g. draft, private, pending review, pw-protected, and trashed events. 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets Plus...
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. e.g. draft, private, pending review, password-protected, and trashed posts. PoC 1. ADMIN: Install Event Tickets 2. ADMIN: Install Event Tickets...