CVE-2024-1319

CVE-2024-1319 · Severity

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed posts).

Learn more about our Wordpress Pen Testing.