// For flags

CVE-2024-1122

Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export

Severity Score

5.3
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

Attend
*SSVC
Descriptions

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.

El complemento Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificación de capacidad en la función export_data() en todas las versiones hasta la 3.3.50 incluida. Esto hace posible que atacantes no autenticados exporten datos de eventos.

*Credits: Francesco Carlucci
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:Attend
Exploitation
None
Automatable
Yes
Tech. Impact
Partial
* Organization's Worst-case Scenario
Timeline
  • 2024-01-31 CVE Reserved
  • 2024-02-08 CVE Published
  • 2024-02-16 EPSS Updated
  • 2024-08-27 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-862: Missing Authorization
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Themewinter
Search vendor "Themewinter"
Eventin
Search vendor "Themewinter" for product "Eventin"
< 3.3.51
Search vendor "Themewinter" for product "Eventin" and version " < 3.3.51"
wordpress
Affected