CVE-2024-11396

MEDIUM NUCLEI

Event Monster < 1.4.3 - Unauthenticated Information Exposure via Visitors List Export

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2024-11396. PoCs published by iSee857, RandomRobbieBF. A Nuclei detection template is also available.

AI-analyzed exploit summary The repository contains a functional exploit for CVE-2024-11305, demonstrating SQL injection in Altenergy software. The PoC sends a crafted payload to the '/index.php/display/status_zigbee' endpoint and checks for a specific response pattern to confirm vulnerability.

Description

The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.3 via the Visitors List Export file. During the export, a CSV file is created in the wp-content folder with a hardcoded filename that is publicly accessible. This makes it possible for unauthenticated attackers to extract data about event visitors, that includes first and last names, email, and phone number.

Exploits (2)

github WORKING POC 40 stars

by iSee857 · pythonpoc

https://github.com/iSee857/CVE-PoC/tree/main/WordPress_CVE-2024-11396_DataBreach.py

View Code ZIP pw:eip

The repository contains a functional exploit for CVE-2024-11305, demonstrating SQL injection in Altenergy software. The PoC sends a crafted payload to the '/index.php/display/status_zigbee' endpoint and checks for a specific response pattern to confirm vulnerability.

Classification

Working Poc 95%

Attack Type

Sqli

Complexity

Moderate

Reliability

Reliable

Target: Altenergy (specific version not specified)

No auth needed

Prerequisites: Network access to the target · Target endpoint '/index.php/display/status_zigbee' must be accessible

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1059 - Command and Scripting Interpreter

devstral-2 · analyzed Feb 27, 2026 Full analysis →

nomisec WORKING POC

by RandomRobbieBF · poc

https://github.com/RandomRobbieBF/CVE-2024-11396

View Code ZIP pw:eip

The repository provides a functional proof-of-concept for CVE-2024-11396, demonstrating an information exposure vulnerability in the Event Monster WordPress plugin. The PoC exploits a hardcoded CSV file path to leak visitor data without authentication.

Classification

Working Poc 90%

Attack Type

Info Leak

Complexity

Trivial

Reliability

Reliable

Target: Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress <= 1.4.3

No auth needed

Prerequisites: WordPress site with vulnerable plugin installed

MITRE ATT&CK

T1592 - Gather Victim Host Information

devstral-2 · analyzed Feb 18, 2026 Full analysis →

Nuclei Templates (1)

Event Monster <= 1.4.3 - Information Exposure Via Visitors List Export

MEDIUMVERIFIEDby s4e-io

Shodan: http.html:"wp-content/plugins/event-monster"

FOFA: body="wp-content/plugins/event-monster"

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/browser/event-monster/tags/1.4.3/em-ajax-prossesing/em-visitor-ajax.php#L92

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/0f522dfe-f2c2-4adb-980c-1f03d3c26e12?source=cve

Scores

CVSS v3 5.3

EPSS 0.0194

EPSS Percentile 77.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

Details

CWE

CWE-359

Status published

Products (2)

awordpresslife/Event Monster – Manager & Ticket Booking < 1.4.3

awplife/event_monster < 1.4.4

Published Jan 14, 2025

Tracked Since Feb 18, 2026