Unauthorized Access to Private or Password-Protected Events Due to Missing Authorization Checks in EventPrime Plugin
CVE-2024-8369
5.3MEDIUM
Key Information:
- Vendor
Wordpress
- Vendor
- CVE Published:
- 10 September 2024
What is CVE-2024-8369?
The Events Calendar, Bookings and Tickets plugin for WordPress has a security vulnerability that compromises private and password-protected events. Versions up to and including 4.0.4.3 lack proper authorization checks, enabling unauthorized individuals to access sensitive event information without the need for authentication. This could result in unwanted exposure of private event details, potentially affecting user privacy and data security.
Affected Version(s)
EventPrime – Events Calendar, Bookings and Tickets * <= 4.0.4.3