CVE-2024-10799

The Eventer plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.9.7 via the eventer_woo_download_tickets() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
Configurations

Configuration 1 (hide)

cpe:2.3:a:imithemes:eventer:*:*:*:*:*:wordpress:*:*

History

05 Jun 2025, 15:23

Type Values Removed Values Added
References () https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534 - () https://codecanyon.net/item/eventer-wordpress-event-manager-plugin/20972534 - Product
References () https://www.wordfence.com/threat-intel/vulnerabilities/id/aea5f970-243f-4642-83e1-34db11c4ca63?source=cve - () https://www.wordfence.com/threat-intel/vulnerabilities/id/aea5f970-243f-4642-83e1-34db11c4ca63?source=cve - Third Party Advisory
Summary
  • (es) El complemento Eventer para WordPress es vulnerable a Directory Traversal en todas las versiones hasta la 3.9.7 incluida a través de la función eventer_woo_download_tickets(). Esto permite que atacantes autenticados, con acceso de nivel de suscriptor y superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener información confidencial.
First Time Imithemes
Imithemes eventer
CPE cpe:2.3:a:imithemes:eventer:*:*:*:*:*:wordpress:*:*

17 Jan 2025, 06:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-01-17 06:15

Updated : 2025-06-05 15:23


NVD link : CVE-2024-10799

Mitre link : CVE-2024-10799

CVE.ORG link : CVE-2024-10799


JSON object : View

Products Affected

imithemes

  • eventer
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')