CVE-2024-1122 MEDIUM

CVE-2024-1122: Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin <= 3.3.50 - Missing Authorization to Unauthenticated Events Export

Vendor Arraytics
Product Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)
Weakness CWE-862 · Missing authorization
Published February 9, 2024
Last update April 8, 2026
View on NVD All CVEs

CVSS base score

5.3/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality Low
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

What the vulnerability does

01Description

The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated attackers to export event data.

Key dates

02Disclosure timeline

February 9, 2024 CVE published
April 8, 2026 Record updated

Related vulnerabilities

04Related CVE

CVE-2026-25336 WordPress Coachify theme <= 1.1.5 - Broken Access Control vulnerability CVE-2024-5607 GDPR CCPA Compliance & Cookie Consent Banner <= 2.7.0 - Missing Authorization to Settings Update and Stored Cross-Site Scripting CVE-2026-33761 AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings CVE-2021-24997 WP Guppy < 1.3 - Sensitive Information Disclosure CVE-2025-69023 WordPress Discussion Board plugin <= 2.5.7 - Broken Access Control vulnerability