CVE-2024-1122 – Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export
https://notcve.org/view.php?id=CVE-2024-1122
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data. El complemento Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función export_data() en todas las versiones hasta la 3.3.50 incluida. Esto hace posible que atacantes no autenticados exporten datos de eventos. • https://plugins.trac.wordpress.org/changeset/3033231/wp-event-solution/tags/3.3.51/core/admin/hooks.php https://www.wordfence.com/threat-intel/vulnerabilities/id/0cbdf679-1657-4249-a433-8fe0cddd94be?source=cve • CWE-862: Missing Authorization •