CVE-2024-1122
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Published Feb 9, 2024
Updated: Feb 15, 2024
CWE ID 862
Summary
CVE-2024-1122: A vulnerability affecting the Event Manager, Events Calendar, Events Tickets plugin for WordPress, specifically versions up to and including 3.3.50, allows unauthenticated attackers to gain unauthorized access to event data. This issue arises due to a missing capability check on the export_data() function, enabling exportation of sensitive information without proper authorization. Unauthenticated actors can exploit this flaw to obtain valuable data, threatening privacy and potentially leading to further security risks.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Themewinter Eventin
Affected Vendors
- Theme Winter