CVE-2024-1316

The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events).

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/	Exploit Third Party Advisory
https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:liquidweb:event_tickets:::::free:wordpress::
	cpe:2.3:a:liquidweb:event_tickets:::::plus:wordpress::

History

No history.

Information

Published : 2024-03-04 21:15

Updated : 2025-06-27 14:13

NVD link : CVE-2024-1316

Mitre link : CVE-2024-1316

CVE.ORG link : CVE-2024-1316

JSON object : View

Products Affected

liquidweb

event_tickets

CWE

NVD-CWE-noinfo

{"id": "CVE-2024-1316", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2024-03-04T21:15:07.007", "references": [{"url": "https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/", "tags": ["Exploit", "Third Party Advisory"], "source": "contact@wpscan.com"}, {"url": "https://wpscan.com/vulnerability/d80dfe2f-207d-4cdf-8c71-27936c6318e5/", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review, pw-protected, and trashed events)."}, {"lang": "es", "value": "El complemento Event Tickets and Registration de WordPress anterior a 5.8.1, el complemento Events Tickets Plus de WordPress anterior a 5.9.1 no impide que los usuarios con al menos el rol de colaborador filtren la existencia de ciertos eventos a los que no deber\u00edan tener acceso. (por ejemplo, eventos borrador, privados, pendientes de revisi\u00f3n, protegidos por contrase\u00f1a y eliminados)."}], "lastModified": "2025-06-27T14:13:27.050", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:liquidweb:event_tickets:*:*:*:*:free:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "38606711-F38F-4EDD-933A-6E56180236EA", "versionEndExcluding": "5.8.1"}, {"criteria": "cpe:2.3:a:liquidweb:event_tickets:*:*:*:*:plus:wordpress:*:*", "vulnerable": true, "matchCriteriaId": "4DF28AAA-1A23-4675-9FC1-01B6E1CAC2C7", "versionEndExcluding": "5.9.1"}], "operator": "OR"}]}], "sourceIdentifier": "contact@wpscan.com"}