cleantalk
Vulnerabilities and Security Researches

Event Monster – Event Management, Tickets Booking, Upcoming Event, CVE-2024-11396

CVE, Research URL

CVE-2024-11396

Home page URL

Security reports for Event Monster – Event Management, Tickets Booking, Upcoming Event

Application

Event Monster – Event Management, Tickets Booking, Upcoming Event

Published on
Jan 14, 2025
Research Description
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.
Affected versions
max 1.4.4.
Status
vulnerable
Previous vulnerability researches
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2024-11396) , Jan 14, 2025
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2024-5059) , Jun 24, 2024
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2026-8608) , Jun 08, 2026
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2022-3336) , Jun 06, 2024
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2022-3720) , Jun 06, 2024
New vulnerability
Simple SEO Slideshow (CVE-2026-8900) , Jun 08, 2026
LearnPress Export Import – WordPress extension for LearnPress (CVE-2026-7565) , Jun 08, 2026
LearnPress Export Import – WordPress extension for LearnPress (CVE-2026-7566) , Jun 08, 2026
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2026-8608) , Jun 08, 2026
Click to Chat – HoliThemes (CVE-2026-7795) , Jun 07, 2026