CVE-2024-11134

Medium CVSS: 4.3

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'eventer_export_bookings_csv' function in all versions up to, and including, 3.9.9. This makes it possible for authenticated attackers with subscriber-level permissions or above, to download bookings, which contains customers' personal data.

Vendor

Imithemes

Product

Eventer

CWE

CWE-862

Yayın Tarihi

2025-02-03 20:15:32

Güncelleme

2025-03-04 16:32:22

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-862 Eventer MEDIUM Imithemes 2025

Referanslar

https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534 https://www.wordfence.com/threat-intel/vulnerabilities/id/476bc092-c623-4caf-9676-3036d27c4840?source=cve

Benzer Kayıtlar

Critical

CVE-2025-39481

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in imithemes Eventer…

High

CVE-2025-39482

Missing Authorization vulnerability in imithemes Eventer eventer allows Exploiting Incorrectly Configured Access Control…

High

CVE-2025-0959

The Eventer - WordPress Event & Booking Manager Plugin plugin for WordPress is vulnerable to SQL Injection via the reg_i…

Medium

CVE-2025-22635

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in imithemes Eventer…

Medium

CVE-2024-11132

The Eventer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and incl…

Medium

CVE-2024-11133

The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the '…