PT-2024-17939 · WordPress · Events Tickets Plus

Scott Kingsley Clark

Published

2024-03-04

Updated

2025-03-27

CVE-2024-1319

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Events Tickets Plus WordPress plugin versions prior to 5.9.1

Description The issue allows users with at least the contributor role to leak the attendees list on any post type, regardless of its status, such as draft, private, pending review, password-protected, and trashed posts.

Recommendations For versions prior to 5.9.1, update to version 5.9.1 or later to resolve the issue. As a temporary workaround, consider restricting the contributor role's access to sensitive information until the update is applied.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2024-1319

Affected Products

Events Tickets Plus

PT-2024-17939 · WordPress · Events Tickets Plus

CVE-2024-1319

Related Identifiers

Affected Products

References · 5