Lucene search
Scott Kingsley ClarkWPEX-ID:5904DC7E-1058-4C40-BCA3-66BA57B1414BHistoryFeb 08, 2024 - 12:00 a.m.
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
2024-02-0800:00:00
Scott Kingsley Clark
34
event tickets plus
contributor plus
attendees lists
disclosure
install
create pages
rsvp
exploit
shortcode
Description The plugin does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).
1. ADMIN: Install Event Tickets
2. ADMIN: Install Event Tickets Plus
3. ADMIN: Create pages with each status: published, private, password-protected, draft, and trashed and add one RSVP that has an end sale date of 1 week from now
4. ADMIN: Go to those pages and RSVP for each one as the currently logged in admin (the trashed post will need to be trashed after you add the RSVP)
5. CONTRIBUTOR: Add shortcode to any post and specify/guess the page ID and save
6. CONTRIBUTOR: Preview the post and see all attendees for pages (of any status) you shouldn't have access to (NOTE: Attendee list shortcode will only output on the first occurrence so you may need to modify the page ID you reference for each of your tests)
Example shortcode: `[tribe_attendees_list event="ANY_PAGE_ID"]`Related
cvelist
cvelist
cve
cve
CVE-2024-1319
2024-03-04 21:15:07
nvd
nvd
CVE-2024-1319
2024-03-04 21:15:07
wpvulndb
wpvulndb
Event Tickets Plus < 5.9.1 - Contributor+ Attendees Lists Disclosure
2024-02-08 00:00:00
prion
prion
Default credentials
2024-03-04 21:15:00
6.8 Medium
AI Score
Confidence
Low
0.0004 Low
EPSS
Percentile
9.1%
Related for WPEX-ID:5904DC7E-1058-4C40-BCA3-66BA57B1414B