CVE-2024-13457
- EPSS 0.15%
- Published 30.01.2025 07:15:07
- Last modified 07.02.2025 15:34:15
The Event Tickets and Registration plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.18.1 via the tc-order-id parameter due to missing validation on a user controlled key. This makes it pos...
CVE-2024-1316
- EPSS 0.6%
- Published 04.03.2024 21:15:07
- Last modified 27.06.2025 14:13:27
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. ...
CVE-2024-1319
- EPSS 0.11%
- Published 04.03.2024 21:15:07
- Last modified 24.04.2025 15:15:11
The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trash...
CVE-2024-1053
- EPSS 0.14%
- Published 22.02.2024 06:15:57
- Last modified 07.02.2025 15:24:56
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attacke...
CVE-2019-16120
- EPSS 2.86%
- Published 08.09.2019 23:15:10
- Last modified 07.02.2025 19:43:17
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.