What is CVE-2024-11396?

CVE-2024-11396 is a medium-severity vulnerability in Awordpresslife Event Monster – Manager & Ticket Booking, classified under Exposure of Private Personal Information to an Unauthorized Actor. CVSS score: 5.3/10. Published 2025-01-13.

How severe is CVE-2024-11396?

Medium severity. CVSS v3 base score is 5.3 out of 10.

Is CVE-2024-11396 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Awordpresslife Event Monster – Manager & Ticket Booking

CVE-2024-11396

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file i…

EPSS: 0.603 (98.3th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 5.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N.

Affected products

Awordpresslife Event Monster – Manager & Ticket Booking — versions 0

Weakness classification (CWE)

CWE-359 — Exposure of Private Personal Information to an Unauthorized Actor

Public proof-of-concept exploits

References

Frequently asked questions

What is CVE-2024-11396?: CVE-2024-11396 is a medium-severity vulnerability in Awordpresslife Event Monster – Manager & Ticket Booking, classified under Exposure of Private Personal Information to an Unauthorized Actor. CVSS score: 5.3/10. Published 2025-01-13.
How severe is CVE-2024-11396?: Medium severity. CVSS v3 base score is 5.3 out of 10.
Is CVE-2024-11396 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.