PT-2025-1623 · WordPress · Eventer

István Márton · Published 2025-02-03 · Updated 2025-02-03 · CVE-2024-11134

CVSS v3.1: 6.5 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions

Eventer plugin for WordPress versions prior to 3.9.10

Description

The issue allows unauthorized access to data due to a missing capability check on the eventer export bookings csv function. This enables authenticated attackers with subscriber-level permissions or above to download bookings containing customers' personal data.

Recommendations

For versions prior to 3.9.10, update to version 3.9.10 or later to resolve the issue. As a temporary workaround, consider restricting access to the eventer export bookings csv function until a patch is available.

Fix

Missing Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-11134

Affected Products

Eventer