NuytsTech Security

CVE-2024-1122

by ·

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.

More information : https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php

Attack vector : NETWORK
Attack complexity : LOW
Privileges required : NONE
User interaction : NONE
Confidentiality impact : LOW
Integrity impact : NONE
Base score : 5.3
Base severity : MEDIUM
Exploitability score : 3.9
Impact score : 1.4

Tags: