6.5
CVE-2024-1316
- EPSS 0.6%
- Veröffentlicht 04.03.2024 21:15:07
- Zuletzt bearbeitet 27.06.2025 14:13:27
- Quelle contact@wpscan.com
- CVE-Watchlists
- Unerledigt
Event Tickets and Registration < 5.8.1 - Contributor+ Arbitrary Events Access
Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events).
Mögliche Gegenmaßnahme
Event Tickets and Registration: Update to version 5.8.1, or a newer patched version
Events Tickets Plus: Update to version 5.9.1, or a newer patched version
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Liquidweb ≫ Event Tickets SwEditionfree SwPlatformwordpress Version < 5.8.1
Liquidweb ≫ Event Tickets SwEditionplus SwPlatformwordpress Version < 5.9.1
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Event Tickets and Registration
Version
*-5.8.0
SystemWordPress Plugin
≫
Produkt
Events Tickets Plus
Version
*-5.9.0
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.6% | 0.442 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/
https://www.wordfence.com/threat-intel/vulnerabilities/id/5c9d08f5-7c94-40e7-979f-023456aeb54e