CVE-2024-2110
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers to modify booking statuses via a forged request granted they can trick a site administrator into performing an action such as clicking on a link.
We have discovered 11,858 live websites that are affected by CVE-2024-2110.
Affected Software
| Product | |
| Category | Wordpress Plugins |
| Vulnerable Domains | 11,858 live websites (30.88% of Events Manager for WordPress install base) |
| Vulnerable Versions |
|
| Vulnerable Versions Count | 83 versions ( 71.55% of all versions) |
Details
- Published - Mar 28, 2024
- Updated - Aug 1, 2024
Credits
- Tim Coen (finder)
CVE References
CVE-2024-2110 usage by Country
 United States | 3,437 websites |
 Germany | 2,211 websites |
 France | 1,096 websites |
 GB | 464 websites |
 Netherlands | 462 websites |
 Italy | 395 websites |
 Japan | 377 websites |
 Switzerland | 279 websites |
 Spain | 264 websites |
 Poland | 193 websites |
CVE-2024-2110 usage by TLD
| .com | 3,395 websites |
| .de | 1,438 websites |
| .org | 1,434 websites |
| .fr | 503 websites |
| .nl | 441 websites |
| .it | 332 websites |
| .co.uk | 260 websites |
| .net | 249 websites |
| .ch | 239 websites |
| .at | 200 websites |
Vulnerable Versions
Vulnerable versions are highlighted in redWebsites affected by CVE-2024-2110
Top websites that are affected by CVE-2024-2110. Please click on the "Contact us" link to get more information.| Domain | Country | Rank | Contacts |
|---|---|---|---|
| ****.*******.**********.it | Italy | **,*** | |
| *********.*******.org | United States | **,*** | |
| ******.***.uk | United States | **,*** | |
| *******.org | United States | **,*** | |
| ********.org | United States | **,*** | |
| *****.***.edu | United States | **,*** | |
| ****.**.in | United States | **,*** | |
| ********************.com | United States | **,*** | |
| *************.cat | Spain | ***,*** | |
| **************.it | Italy | ***,*** |
FAQ
A total of 11,858 websites have been identified as vulnerable to CVE-2024-2110, discovered through global website indexing conducted by WebTechSurvey.
Events Manager for WordPress is susceptible to CVE-2024-2110 vulnerability.
Events Manager for WordPress versions before, and including, 6.4.7.1 are vulnerable to CVE-2024-2110.