What the vulnerability does
01Description
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
What the vulnerability does
Insertion of Sensitive Information Into Sent Data vulnerability in magepeopleteam WpEvently mage-eventpress allows Retrieve Embedded Sensitive Data.This issue affects WpEvently: from n/a through < 5.1.9.
Explanation of Vulnerability in Simple Terms
WpEvently versions 5.1.9 and earlier expose sensitive information to unauthenticated attackers over the network. An attacker can read data that should be restricted, such as event details or user information, without needing to log in or interact with a victim. The vulnerability stems from insufficient access controls on data exposure.
What an attacker can do
Read sensitive event or user data without authentication.
Potential impact on your site
Confidential event information or user data may be visible to anyone on the internet.
Conditions required to exploit
Network access to the site; no authentication or user interaction required.
Key dates
External resources
Related vulnerabilities