cleantalk
Vulnerabilities and Security Researches

EventPrime – Events Calendar, Bookings and Tickets, CVE-2024-1126

CVE, Research URL

CVE-2024-1126

Home page URL

Security reports for EventPrime – Events Calendar, Bookings and Tickets

Application

EventPrime – Events Calendar, Bookings and Tickets

Published on
Mar 13, 2024
Research Description
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with subscriber-level access and above, to to retrieve the attendees list for any event.
Affected versions
Min -, max 3.4.3.
Status
vulnerable
Previous vulnerability researches
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9864) , May 07, 2025
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-8369) , Sep 11, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-47648) , Oct 03, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-9865) , Oct 25, 2024
EventPrime – Events Calendar, Bookings and Tickets (CVE-2024-12024) , Dec 18, 2024
New vulnerability
Xavin's List Subpages (CVE-2025-4220) , May 08, 2025
CarDealerPress (CVE-2025-3860) , May 08, 2025
Crossword Compiler Puzzles (CVE-2025-46493) , May 08, 2025
Frontend Dashboard (CVE-2025-4104) , May 08, 2025
Icegram Express – Email Marketing, Newsletters and Automation for WordPress & WooCommerce (CVE-2025-0671) , May 08, 2025