Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
wpvulndbWpvulndbWPVDB-ID:0255F06F-B917-41FE-B312-B63E4FA2230C
HistoryMar 07, 2024 - 12:00 a.m.

EventPrime – Events Calendar, Bookings and Tickets < 3.4.2 - Missing Authorization to Authenticated (Subscriber+) Event Export

2024-03-0700:00:00
wpscan.com
4
eventprime
wordpress
vulnerability
unauthorized access
data
capability check
pii

AI Score

6.1

Confidence

High

EPSS

0

Percentile

15.5%

JSON

Description The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to retrieve all event booking which can contain PII.

Related

cve 1
prion 1
nvd 1
cvelist 1
vulnrichment 1
wordfence 1
cve
cve
CVE-2024-1127
2024-03-13 16:15:17
prion
prion
Design/Logic Flaw
2024-03-13 16:15:00
nvd
nvd
CVE-2024-1127
2024-03-13 16:15:17
cvelist
cvelist
CVE-2024-1127
2024-03-13 15:26:44
vulnrichment
vulnrichment
CVE-2024-1127
2024-03-13 15:26:44
wordfence
wordfence
Wordfence Intelligence Weekly WordPress Vulnerability Report (February 12, 2024 to February 18, 2024)
2024-02-22 14:19:30

AI Score

6.1

Confidence

High

EPSS

0

Percentile

15.5%

JSON
Related for WPVDB-ID:0255F06F-B917-41FE-B312-B63E4FA2230C
cve1prion1nvd1cvelist1vulnrichment1wordfence1