Search

Find a vulnerability

Search criteria

    2 vulnerabilities found for HT Event – WordPress Event Manager Plugin for Elementor by devitemsllc

    CVE-2024-13216 (GCVE-0-2024-13216)

    Vulnerability from nvd – Published: 2025-01-31 05:22 – Updated: 2026-04-08 16:36
    VLAI
    Title
    HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor
    Summary
    The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Ankit Patel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13216",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T15:36:47.083258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T22:07:42.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HT Event \u2013 WordPress Event Manager Plugin for Elementor",
              "vendor": "devitemsllc",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ankit Patel"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HT Event \u2013 WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the \u0027render\u0027 function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:36:56.336Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/155f494b-be25-4269-9d3b-379309619bbe?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3233664%40ht-event\u0026new=3233664%40ht-event\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-30T16:49:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "HT Event \u2013 WordPress Event Manager Plugin for Elementor \u003c= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13216",
        "datePublished": "2025-01-31T05:22:32.906Z",
        "dateReserved": "2025-01-08T17:53:52.031Z",
        "dateUpdated": "2026-04-08T16:36:56.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }

    CVE-2024-13216 (GCVE-0-2024-13216)

    Vulnerability from cvelistv5 – Published: 2025-01-31 05:22 – Updated: 2026-04-08 16:36
    VLAI
    Title
    HT Event – WordPress Event Manager Plugin for Elementor <= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor
    Summary
    The HT Event – WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the 'render' function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data.
    SSVC
    Exploitation: none Automatable: no Technical Impact: partial
    CISA Coordinator (v2.0.3)
    CWE
    • CWE-359 - Exposure of Private Personal Information to an Unauthorized Actor
    Assigner
    Impacted products
    Credits
    Ankit Patel
    Show details on NVD website

    {
      "containers": {
        "adp": [
          {
            "metrics": [
              {
                "other": {
                  "content": {
                    "id": "CVE-2024-13216",
                    "options": [
                      {
                        "Exploitation": "none"
                      },
                      {
                        "Automatable": "no"
                      },
                      {
                        "Technical Impact": "partial"
                      }
                    ],
                    "role": "CISA Coordinator",
                    "timestamp": "2025-01-31T15:36:47.083258Z",
                    "version": "2.0.3"
                  },
                  "type": "ssvc"
                }
              }
            ],
            "providerMetadata": {
              "dateUpdated": "2025-02-10T22:07:42.735Z",
              "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
              "shortName": "CISA-ADP"
            },
            "title": "CISA ADP Vulnrichment"
          }
        ],
        "cna": {
          "affected": [
            {
              "defaultStatus": "unaffected",
              "product": "HT Event \u2013 WordPress Event Manager Plugin for Elementor",
              "vendor": "devitemsllc",
              "versions": [
                {
                  "lessThanOrEqual": "1.4.7",
                  "status": "affected",
                  "version": "0",
                  "versionType": "semver"
                }
              ]
            }
          ],
          "credits": [
            {
              "lang": "en",
              "type": "finder",
              "value": "Ankit Patel"
            }
          ],
          "descriptions": [
            {
              "lang": "en",
              "value": "The HT Event \u2013 WordPress Event Manager Plugin for Elementor plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.4.7 via the \u0027render\u0027 function in /includes/widgets/htevent_sponsor.php. This makes it possible for authenticated attackers, with Contributor-level access and above, to extract sensitive private, pending, scheduled, and draft template data."
            }
          ],
          "metrics": [
            {
              "cvssV3_1": {
                "baseScore": 4.3,
                "baseSeverity": "MEDIUM",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
                "version": "3.1"
              }
            }
          ],
          "problemTypes": [
            {
              "descriptions": [
                {
                  "cweId": "CWE-359",
                  "description": "CWE-359 Exposure of Private Personal Information to an Unauthorized Actor",
                  "lang": "en",
                  "type": "CWE"
                }
              ]
            }
          ],
          "providerMetadata": {
            "dateUpdated": "2026-04-08T16:36:56.336Z",
            "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
            "shortName": "Wordfence"
          },
          "references": [
            {
              "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/155f494b-be25-4269-9d3b-379309619bbe?source=cve"
            },
            {
              "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=\u0026sfph_mail=\u0026reponame=\u0026old=3233664%40ht-event\u0026new=3233664%40ht-event\u0026sfp_email=\u0026sfph_mail="
            }
          ],
          "timeline": [
            {
              "lang": "en",
              "time": "2025-01-30T16:49:09.000Z",
              "value": "Disclosed"
            }
          ],
          "title": "HT Event \u2013 WordPress Event Manager Plugin for Elementor \u003c= 1.4.7 - Authenticated (Contributor+) Sensitive Information Exposure via HT Event: Sponsor"
        }
      },
      "cveMetadata": {
        "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "assignerShortName": "Wordfence",
        "cveId": "CVE-2024-13216",
        "datePublished": "2025-01-31T05:22:32.906Z",
        "dateReserved": "2025-01-08T17:53:52.031Z",
        "dateUpdated": "2026-04-08T16:36:56.336Z",
        "state": "PUBLISHED"
      },
      "dataType": "CVE_RECORD",
      "dataVersion": "5.2"
    }