CVE-2024-1127: CWE-862 Missing Authorization in metagauss EventPrime – Events Calendar, Bookings and Tickets
CVE-2024-1127 is a medium severity vulnerability in the EventPrime – Events Calendar, Bookings and Tickets WordPress plugin, affecting all versions up to and including 3.4.1. The booking_export_all() function performs no capability check, so any authenticated user with Subscriber-level access or higher can export all event booking data. That data may include personally identifiable information (PII), so the flaw is primarily a privacy risk. Exploitation is remote, of low complexity and needs no user interaction, but it does require a valid account on the site. No exploitation in the wild has been reported. Organizations using this plugin should apply the vendor's fix or restrict access to the export in the meantime. The plugin is used worldwide, so the exposure is relevant wherever it is deployed, particularly in countries with high WordPress adoption and event management needs.
AI Analysis
Technical Summary
CVE-2024-1127 is a vulnerability classified under CWE-862 (Missing Authorization) in the EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress. The flaw is in the booking_export_all() function, which does not verify that the requesting user holds a capability appropriate for exporting all event booking data; being logged in is the only gate. As a result, any authenticated user with Subscriber-level access or above can retrieve the complete booking set, including potentially sensitive PII such as names, contact details and booking specifics. All versions up to and including 3.4.1 are affected. The CVSS v3.1 base score is 4.3 (medium), consistent with the vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N: network attack vector, low attack complexity, low privileges required (an authenticated user), no user interaction, unchanged scope, limited confidentiality impact (data disclosure) and no impact on integrity or availability. No patch is linked in this record and no active exploitation has been reported. The issue is nonetheless significant for organizations that rely on this plugin for event management, because it exposes booking data to every account on the site and can therefore lead to privacy violations.
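The pattern behind a CWE-862 finding of this kind, as an added illustrative example rather than the plugin's own code: a WordPress AJAX export handler that relies on the `wp_ajax_` hook alone (which fires for every logged-in user, Subscribers included) beside a hardened version that checks a capability and a nonce before touching any data. The action name `ep_booking_export_all`, the post type `ep_booking` and the helper `ep_send_bookings_csv()` are assumptions made for the example.

```php
<?php
/*
 * Added illustrative example, not code from the EventPrime plugin.
 * Assumed names: the AJAX action 'ep_booking_export_all', the post type
 * 'ep_booking', and the CSV helper ep_send_bookings_csv().
 */

// VULNERABLE PATTERN (CWE-862). 'wp_ajax_{action}' is reachable by every
// authenticated user, so "is logged in" is the only gate here. Shown for
// contrast; deliberately not registered with add_action() below.
function ep_booking_export_all_vulnerable() {
    $bookings = get_posts( array( 'post_type' => 'ep_booking', 'numberposts' => -1 ) );
    ep_send_bookings_csv( $bookings ); // hands every booking to whoever asked
    wp_die();
}

// HARDENED FORM: authorization first, then CSRF check, then data access.
add_action( 'wp_ajax_ep_booking_export_all', 'ep_booking_export_all_hardened' );
function ep_booking_export_all_hardened() {
    // Authorization: tie the export to a capability held only by trusted roles.
    // A plugin would normally register its own capability for this; the
    // Administrator-only 'manage_options' is the conservative default.
    if ( ! current_user_can( 'manage_options' ) ) {
        // wp_send_json_error() sends the JSON body, sets HTTP 403 and calls wp_die().
        wp_send_json_error( array( 'message' => 'Insufficient permissions.' ), 403 );
    }

    // CSRF: the request must carry a nonce minted server-side with
    // wp_create_nonce( 'ep_booking_export_all' ) and posted in the 'nonce' field.
    // With the third argument true, check_ajax_referer() terminates on failure.
    check_ajax_referer( 'ep_booking_export_all', 'nonce', true );

    $bookings = get_posts( array( 'post_type' => 'ep_booking', 'numberposts' => -1 ) );
    ep_send_bookings_csv( $bookings );
    wp_die();
}

// Assumed CSV helper; the exported columns are illustrative.
function ep_send_bookings_csv( array $bookings ) {
    nocache_headers();
    header( 'Content-Type: text/csv; charset=utf-8' );
    header( 'Content-Disposition: attachment; filename="bookings.csv"' );
    $out = fopen( 'php://output', 'w' );
    fputcsv( $out, array( 'booking_id', 'title', 'created' ) );
    foreach ( $bookings as $booking ) {
        fputcsv( $out, array( $booking->ID, $booking->post_title, $booking->post_date ) );
    }
    fclose( $out );
}
```

Two points worth checking when reviewing any similar handler: `is_user_logged_in()` and the `wp_ajax_` prefix are authentication, not authorization, and a nonce on its own proves only that the request came from the site's own page, not that the user is allowed to export. A quick verification after patching is to log in as a Subscriber, POST the action to `wp-admin/admin-ajax.php` with a valid nonce, and confirm a 403 rather than a CSV.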
Potential Impact
The primary impact of this vulnerability is unauthorized disclosure of event booking data, which may contain sensitive personal information. This can lead to privacy breaches, regulatory compliance issues (such as GDPR or CCPA violations), and reputational damage for organizations managing events. Subscriber is the lowest WordPress role, and on sites that allow self-registration anyone can obtain it, so an attacker needs little more than an account to read data well beyond their authorization scope. Although the vulnerability does not affect data integrity or availability, the exposed PII can feed follow-on attacks such as phishing, social engineering, or identity theft against the event's attendees. Organizations using this plugin in sectors like education, entertainment, conferences, and public events are particularly at risk. The vulnerability's ease of exploitation and the widespread use of WordPress make this a notable concern globally.
Mitigation Recommendations
To mitigate this vulnerability, update the EventPrime plugin to a version that adds the missing capability check as soon as the vendor provides one. Until then, reduce who can reach the export: because Subscriber is the lowest WordPress role, the practical control is to turn off open registration (Settings → General, "Anyone can register"), audit existing low-privilege accounts and remove any that are not needed. If the export feature is not essential, disable it, or gate it behind a capability check with a small must-use plugin until the official fix lands. A web application firewall can temporarily block requests that invoke the export; note that WordPress does not log AJAX actions itself and standard web-server access logs do not record the POST body in which the action name usually travels, so both detection and blocking need request-body inspection rather than URL matching alone. Regularly audit plugins for vulnerabilities and maintain an inventory of installed WordPress extensions so that advisories like this one can be acted on quickly. Finally, enforce strong authentication (including MFA for privileged roles) and make users aware that account credentials on the site now protect attendee data.
Affected Countries
United States, United Kingdom, Canada, Australia, Germany, France, India, Brazil, Japan, Netherlands, South Africa, Italy
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2024-01-31T14:21:55.407Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 699f6d22b7ef31ef0b56e3c3
Added to database: 2/25/2026, 9:44:02 PM
Last enriched: 2/26/2026, 9:17:08 AM
Last updated: 2/26/2026, 11:14:41 AM