CVE-2024-1122

CVSS 3.1 Score 5.3 of 10 (medium)

Details

Published Feb 9, 2024
Updated: Feb 15, 2024
CWE ID 862

Summary

CVE-2024-1122: A vulnerability affecting the Event Manager, Events Calendar, Events Tickets plugin for WordPress, specifically versions up to and including 3.3.50, allows unauthenticated attackers to gain unauthorized access to event data. This issue arises due to a missing capability check on the export_data() function, enabling exportation of sensitive information without proper authorization. Unauthenticated actors can exploit this flaw to obtain valuable data, threatening privacy and potentially leading to further security risks.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Themewinter Eventin

Affected Vendors

  • Theme Winter