CVE-2024-13457
CVSS 3.1 Score 5.3 of 10 (medium)
Details
Summary
CVE-2024-13457 is a vulnerability in the Event Tickets and Registration plugin for WordPress. It allows unauthenticated attackers to access the details of orders they did not place through the insufficiently protected tc-order-id parameter. Because the plugin does not validate this user-controlled key, an attacker can view sensitive information such as ticket prices, user emails, and order dates. The vulnerability poses a significant risk to WordPress sites running this plugin in versions up to and including 5.18.1. Affected users should upgrade to the latest version of the plugin to mitigate this risk.
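For defenders reviewing web server logs on an affected site, the following added example (not part of the original entry and not the plugin's code) flags clients that successfully requested many distinct tc-order-id values, which is what enumeration of other customers' orders would look like. The log lines, request path, threshold and the choice to count only HTTP 200 responses are assumptions made for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample in common log format. IPs come from documentation ranges and
# the request path is a placeholder, not the plugin's real URL.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Feb/2025:10:00:01 +0000] "GET /placeholder/?tc-order-id=1001 HTTP/1.1" 200 5120
198.51.100.7 - - [10/Feb/2025:10:00:02 +0000] "GET /placeholder/?tc-order-id=1002 HTTP/1.1" 200 5098
198.51.100.7 - - [10/Feb/2025:10:00:03 +0000] "GET /placeholder/?tc-order-id=1003 HTTP/1.1" 200 5133
198.51.100.7 - - [10/Feb/2025:10:00:04 +0000] "GET /placeholder/?tc-order-id=1004 HTTP/1.1" 200 5101
198.51.100.7 - - [10/Feb/2025:10:00:05 +0000] "GET /placeholder/?tc%2Dorder%2Did=1005 HTTP/1.1" 200 5127
198.51.100.7 - - [10/Feb/2025:10:00:06 +0000] "GET /placeholder/?tc-order-id=1007 HTTP/1.1" 404 312
203.0.113.20 - - [10/Feb/2025:10:05:11 +0000] "GET /placeholder/?tc-order-id=2040 HTTP/1.1" 200 5110
203.0.113.20 - - [10/Feb/2025:10:05:40 +0000] "GET /placeholder/?tc-order-id=2040 HTTP/1.1" 200 5110
192.0.2.15 - - [10/Feb/2025:10:06:00 +0000] "GET /placeholder/ HTTP/1.1" 200 4800
"""

# client address, request target and status code of one log line
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" (\d{3}) ')


def order_ids_by_client(log_text):
    """Map each client address to the distinct tc-order-id values it fetched with a 200."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue  # skip lines that are not in the expected format
        client, target, status = match.groups()
        if status != "200":
            continue  # assumption: only successful responses disclose order data
        # parse_qs percent-decodes names and values, so an encoded
        # parameter name (tc%2Dorder%2Did) is counted as well.
        for value in parse_qs(urlsplit(target).query).get("tc-order-id", []):
            seen[client].add(value)
    return seen


def flag_enumeration(log_text, threshold=5):
    """Return clients that fetched at least `threshold` distinct order IDs."""
    hits = order_ids_by_client(log_text)
    return sorted(c for c, ids in hits.items() if len(ids) >= threshold)


if __name__ == "__main__":
    print(flag_enumeration(SAMPLE_LOG))
```

A customer reloading their own order produces a single distinct ID and is not flagged; tune the threshold to the site's normal traffic.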
Affected Vendors
- Liquid Web