{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2024-1053", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2024-01-29T20:46:49.355Z", "datePublished": "2024-02-22T05:32:49.364Z", "dateUpdated": "2026-04-08T17:13:40.346Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:40.346Z"}, "affected": [{"vendor": "stellarwp", "product": "Event Tickets and Registration", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.8.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves."}], "title": "Event Tickets and Registration <= 5.8.1 - Missing Authorization", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-284 Improper Access Control", "cweId": "CWE-284", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Daffa"}], "timeline": [{"time": "2024-02-21T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:18:40.325327Z"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T17:21:54.518Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.353Z"}, "title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php", "tags": ["x_transferred"]}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve", "tags": ["x_transferred"]}, {"url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-01T18:26:30.353Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-1053", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-02-22T16:18:40.325327Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-05T15:20:40.547Z"}}], "cna": {"title": "Event Tickets and Registration <= 5.8.1 - Missing Authorization", "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Daffa"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N"}}], "affected": [{"vendor": "stellarwp", "product": "Event Tickets and Registration", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.8.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2024-02-21T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php"}], "descriptions": [{"lang": "en", "value": "The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284 Improper Access Control"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:40.346Z"}}}, "cveMetadata": {"cveId": "CVE-2024-1053", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:13:40.346Z", "dateReserved": "2024-01-29T20:46:49.355Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2024-02-22T05:32:49.364Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:liquidweb:event_tickets:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "95CAAF71-8C53-4425-B424-3E6CCF952148", "versionEndExcluding": "5.8.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to email the attendees list to themselves."}, {"lang": "es", "value": "El complemento Event Tickets and Registration para WordPress es vulnerable al acceso no autorizado a los datos debido a una falta de verificaci\u00f3n de capacidad en la acci\u00f3n 'email' en todas las versiones hasta la 5.8.1 incluida. Esto hace posible que los atacantes autenticados, con acceso de nivel de colaborador y superior, se env\u00eden por correo electr\u00f3nico la lista de asistentes."}], "id": "CVE-2024-1053", "lastModified": "2026-04-08T19:20:30.867", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2024-02-22T06:15:57.703", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3038150/event-tickets/tags/5.8.2/src/Tickets/Commerce/Reports/Attendees.php"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a7839847-2637-4a0d-bfc1-5f80b8433e24?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-862"}], "source": "nvd@nist.gov", "type": "Secondary"}]}

{}

{}