CVE-2024-13457 | theeventscalendar Event Tickets and Registration Plugin up to 5.18.1 on WordPress Object Reference tc-order-id access control

Inserito da Angelo Barbosa | Gen 30, 2025 | CVE

A vulnerability was found in theeventscalendar Event Tickets and Registration Plugin up to 5.18.1 on WordPress and classified as critical. This issue affects some unknown processing of the component Object Reference Handler. The manipulation of the argument tc-order-id leads to improper access controls.

The identification of this vulnerability is CVE-2024-13457. The attack may be initiated remotely. There is no exploit available.

CVE-2024-13457 | theeventscalendar Event Tickets and Registration Plugin up to 5.18.1 on WordPress Object Reference tc-order-id access control

Post correlati

CVE-2024-2889 | WP Lab WP-Lister Lite for Amazon Plugin up to 2.6.11 on WordPress cross site scripting

CVE-2024-26905 | Linux Kernel up to 6.1.82/6.6.22/6.7.10 btrfs space_info.c need_preemptive_reclaim race condition

CVE-2024-26786 | Linux Kernel up to 6.6.20/6.7.8 io_pagetable.c iopt_add_access memory corruption (f1fb745ee0a6/9526a46cc0c3/aeb004c0cd69)

CVE-2024-51764 | HPE SGI CXFS local/cluster improper authorization