2025-02-03 19:22:43
Wordfence
PUBLISHED
The Eventer plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_pdf_download_request function in all versions up to, and including, 3.9.9. This makes it possible for unauthenticated attackers to download event tickets.