Unauthorized Data Access in EventPrime Events Calendar Plugin for WordPress
CVE-2024-13526
4.3MEDIUM
Key Information:
- Vendor
WordPress
- Vendor
- CVE Published:
- 7 March 2025
What is CVE-2024-13526?
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is susceptible to unauthorized data exposure. This vulnerability arises from insufficient capability checks on the export_submission_attendees function, which can allow authenticated users with Subscriber-level access or higher to download attendee information for any event. This poses a significant risk of data misuse and privacy violations for site administrators and event organizers.
Affected Version(s)
EventPrime – Events Calendar, Bookings and Tickets * <= 4.0.7.3