CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-2261 – Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure
https://notcve.org/view.php?id=CVE-2024-2261
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including emails and street addresses. El complemento Event Tickets and Registration para WordPress es vulnerable a la exposición de información confidencial en todas las versiones hasta la 5.8.2 incluida a través de la funcionalidad RSVP. Esto hace posible que los atacantes autenticados, con acceso de colaborador y superior, extraigan datos confidenciales, incluidos correos electrónicos y direcciones postales. • https://plugins.trac.wordpress.org/changeset?old_path=/event-tickets/tags/5.8.2&old=3059268&new_path=/event-tickets/tags/5.8.3&new=3059268&sfp_email=&sfph_mail= https://www.wordfence.com/threat-intel/vulnerabilities/id/2e42dd1c-adf7-471a-a14a-9038c56413a2?source=cve • CWE-639: Authorization Bypass Through User-Controlled Key •
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2024-1053 – Event Tickets and Registration <= 5.8.1 - Missing Authorization
https://notcve.org/view.php?id=CVE-2024-1053
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves. El complemento Event Tickets and Registration para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la acción 'email' en todas las versiones hasta la 5.8.1 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, se envíen por correo electrónico la lista de asistentes. • https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve • CWE-284: Improper Access Control •