CVE-2021-24797 Tickera < 3.4.8.3 - Unauthenticated Stored Cross-Site Scripting

2021-12-2710:33:19

CWE-79

WPScan

www.cve.org

tickera wordpress plugin

cross-site scripting

unauthenticated users

orders admin dashboard

cve-2021-24797

EPSS

0.002

Percentile

55.5%

JSON

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

CNA Affected

[
  {
    "product": "Tickera – WordPress Event Ticketing",
    "vendor": "Unknown",
    "versions": [
      {
        "lessThan": "3.4.8.3",
        "status": "affected",
        "version": "3.4.8.3",
        "versionType": "custom"
      }
    ]
  }
]

References

wpscan.com/vulnerability/0eb07cc8-8a19-4e01-ab90-844495413453

EPSS

0.002

Percentile

55.5%

JSON

Related for CVELIST:CVE-2021-24797