CVE-2024-1319 Information

Description

The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft private pending review password-protected and trashed posts).

Reference

https://wpscan.com/vulnerability/5904dc7e-1058-4c40-bca3-66ba57b1414b/