CVE-2024-6000

Name of the Vulnerable Software and Affected Versions: FooEvents for WooCommerce plugin for WordPress versions up to, and including, 1.19.20 Popup Builder plugin version 4.2.3 and older

Description: The issue allows authenticated attackers with contributor-level capabilities or above to upload arbitrary files on the affected site's server, which may make remote code execution possible. This is due to an improper capability setting on the display ticket themes page function.

Recommendations: For FooEvents for WooCommerce plugin for WordPress versions up to, and including, 1.19.20, update to version 1.19.21 to fully patch the issue. For Popup Builder plugin version 4.2.3 and older, remove or update the plugin to a version newer than 4.2.3. As a temporary workaround, consider disabling the display ticket themes page function until a patch is available.