CVE-2024-11133

Medium CVSS: 5.3

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'handle_pdf_download_request' function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.

Vendor

Imithemes

Product

Eventer

CWE

CWE-862

Yayın Tarihi

2025-02-03 20:15:32

Güncelleme

2025-03-04 16:38:32

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Eventer MEDIUM Imithemes 2025

Referanslar

https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534 https://www.wordfence.com/threat-intel/vulnerabilities/id/1d78b823-fdff-41b2-8059-6564e3eb668d?source=cve

Benzer Kayıtlar

Critical

CVE-2025-39481

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer…

High

CVE-2025-39482

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control…

High

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_i…

Medium

CVE-2025-22635

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer…

Medium

CVE-2024-11132

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and incl…

Medium

CVE-2024-11134

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…