CVE-2019-16120

The CVE-2019-16120 issue affects the WordPress Event Tickets plugin (Event Tickets) prior to version 4.10.7.2. The vulnerability arises in the Export Attendees feature under All Post > Ticketed > Attendees, allowing CSV injection. Impact is potential data manipulation/CSV injection in expor...

CVE-2024-1053

CVE-2024-1053 affects the WordPress plugin “Event Tickets and Registration.” A missing capability check on the email action in versions up to and including 5.8.1 allows authenticated users with contributor-level access and above to email the attendees list to themselves. Impact is listed as data ...

CVE-2024-1316

The CVE-2024-1316 issue affects the WordPress plugins Event Tickets and Registration (pre-5.8.1) and Events Tickets Plus (pre-5.9.1). Reports across multiple sources identify a vulnerability where users with at least the Contributor role can leak the existence of certain events they should not ac...

CVE-2024-1319

The CVE-2024-1319 entry applies to the WordPress plugin Events Tickets Plus, prior to version 5.9.1. The vulnerability is a Broken Access Control issue where users with at least the Contributor role can leak the attendees list for any post type regardless of status (draft/private/pending/ passwor...

CVE-2024-13457

CVE-2024-13457 affects the WordPress plugin Event Tickets and Registration (WordPress Event Tickets) up to and including version 5.18.1 . The vulnerability is an Insecure Direct Object Reference via the tc-order-id parameter, arising from missing validation on a user-controlled key. This allows u...