PT-2024-19502 · WordPress · Event Tickets/Registration
Tim Coen
·
Published
2024-04-09
·
Updated
2024-04-10
·
CVE-2024-2261
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Event Tickets and Registration plugin for WordPress versions prior to 5.8.3
Description
The issue allows authenticated attackers with contributor access or higher to extract sensitive data, including emails and street addresses, via the RSVP functionality.
Recommendations
For versions prior to 5.8.3, update to version 5.8.3 or later to resolve the issue. As a temporary workaround, consider restricting access to the RSVP functionality to minimize the risk of exploitation.
Fix
IDOR
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Event Tickets/Registration