Exposure of Sensitive Information to an Unauthorized Actor vulnerability in A WP Life Event Management Tickets Booking.This issue affects Event Management Tickets Booking: from n/a through...
7.5CVSS
5.2AI Score
0.001EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'event', 'location', and 'event_category' shortcodes in all versions up to, and including, 6.4.7.3 due to insufficient input sanitization and output...
6.4CVSS
5.7AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through...
7.1CVSS
7.2AI Score
0.0005EPSS
Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...
7.5CVSS
6.9AI Score
0.0004EPSS
The Event Monster – Event Management, Tickets Booking, Upcoming Event plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.3.4 via deserialization via shortcode of untrusted input from a custom meta value. This makes it possible for authenticated...
7.5CVSS
9.3AI Score
0.001EPSS
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor access and above, to extract sensitive data including....
4.3CVSS
9AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the physical location value in all versions up to, and including, 6.4.7.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
7.5AI Score
0.0004EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 6.4.7.1. This is due to missing or incorrect nonce validation on several actions. This makes it possible for unauthenticated attackers.....
4.3CVSS
8.9AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 3.4.2. This is due to the plugin allowing unauthenticated users to update the status of order payments. This makes it possible for unauthenticated...
5.3CVSS
6.2AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_attendees_email_by_event_id() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated...
5.3CVSS
5.9AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the booking_export_all() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with...
4.3CVSS
5.2AI Score
0.0004EPSS
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the plugin parameter in all versions up to, and including, 3.1.41 due to insufficient input sanitization and output escaping. This makes it.....
6.1CVSS
6.4AI Score
0.0004EPSS
The Events Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 6.4.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions....
4.4CVSS
5AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized email sending due to a missing capability check on the ep_send_attendees_email() function in all versions up to, and including, 3.4.1. This makes it possible for authenticated attackers, with.....
4.3CVSS
5.3AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the calendar_events_delete() function in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers, with...
6.5CVSS
6.8AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'offline_status' parameter in all versions up to, and including, 3.4.3 due to insufficient input sanitization and output escaping. This makes it possible for...
6.5CVSS
6.3AI Score
0.0004EPSS
The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_frontend_event_submission() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated...
6.5CVSS
6.9AI Score
0.0004EPSS
The Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the attendees list on any post type regardless of status. (e.g. draft, private, pending review, password-protected, and trashed...
6.7AI Score
0.0004EPSS
The Event Tickets and Registration WordPress plugin before 5.8.1, Events Tickets Plus WordPress plugin before 5.9.1 does not prevent users with at least the contributor role from leaking the existence of certain events they shouldn't have access to. (e.g. draft, private, pending review,...
6.7AI Score
0.0004EPSS
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'email' action in all versions up to, and including, 5.8.1. This makes it possible for authenticated attackers, with contributor-level access and above, to.....
4.3CVSS
5.2AI Score
0.0004EPSS
Deserialization of Untrusted Data vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin.This issue affects Event Manager and Tickets Selling Plugin for WooCommerce – WpEvently – WordPress Plugin: from n/a through...
8.2CVSS
8.8AI Score
0.0004EPSS
The Event Manager, Events Calendar, Events Tickets for WooCommerce – Eventin plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the export_data() function in all versions up to, and including, 3.3.50. This makes it possible for unauthenticated...
5.3CVSS
6AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in A WP Life Event Monster – Event Management, Tickets Booking, Upcoming Event allows Stored XSS.This issue affects Event Monster – Event Management, Tickets Booking, Upcoming Event: from n/a through....
5.9CVSS
5.8AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce allows Stored XSS.This issue affects WP Event Manager – Events Calendar, Registrations, Sell...
5.9CVSS
5.8AI Score
0.0004EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in WP Event Manager WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin <= 3.1.39...
7.1CVSS
6AI Score
0.0005EPSS
Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in EventPrime EventPrime – Events Calendar, Bookings and Tickets plugin <= 3.1.5...
7.1CVSS
6AI Score
0.0005EPSS
The WP Event Manager – Events Calendar, Registrations, Sell Tickets with WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in versions up to, and including, 3.1.37.1 due to insufficient input sanitization and output escaping. This makes it possible...
4.8CVSS
4.8AI Score
0.0005EPSS
Auth. (editor+) Stored Cross-Site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.9.5...
5.9CVSS
5.2AI Score
0.0005EPSS
Cross-Site Request Forgery (CSRF) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 3.7.7...
8.8CVSS
8.8AI Score
0.001EPSS
Auth. (admin+) Stored Cross-site Scripting (XSS) vulnerability in MagePeople Team Event Manager and Tickets Selling Plugin for WooCommerce <= 3.8.6....
5.9CVSS
5.1AI Score
0.001EPSS
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10...
8.8CVSS
8.8AI Score
0.001EPSS
The Event Manager and Tickets Selling Plugin for WooCommerce WordPress plugin before 3.8.0 does not validate and escape some of its post meta before outputting them back in a page/post, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
The Event Manager and Tickets Selling for WooCommerce WordPress plugin before 3.5.8 does not validate and escape the post_author_gutenberg parameter before using it in a SQL statement when creating/editing events, which could allow users with a role as low as contributor to perform SQL Injection...
8.8CVSS
9AI Score
0.001EPSS
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect...
6.1CVSS
6.3AI Score
0.001EPSS
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against...
6.1CVSS
6AI Score
0.002EPSS
The sola-support-tickets plugin before 3.13 for WordPress has incorrect access control for /wp-admin with resultant...
5.4CVSS
5.6AI Score
0.001EPSS
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees...
8.8CVSS
8.8AI Score
0.044EPSS
The mintToken function of a smart contract implementation for tickets (TKT), an Ethereum token, has an integer overflow that allows the owner of the contract to set the balance of an arbitrary user to any...
7.5CVSS
7.7AI Score
0.001EPSS
SQL Injection exists in the JSP Tickets 1.1 component for Joomla! via the ticketcode parameter in a ticketlist edit action, or the id parameter in a statuslist (or prioritylist) edit...
9.8CVSS
9.8AI Score
0.003EPSS
Cross-site scripting (XSS) vulnerability in the Event Import page (import-eventbrite-events.php) in the Modern Tribe Eventbrite Tickets plugin before 3.10.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "error" parameter to...
6AI Score
0.004EPSS
The MB Tickets (aka com.xcr.android.mbtickets) application 3.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
The Buy Tickets (aka com.xcr.android.buytickets) application 2.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted...
6AI Score
0.0005EPSS
PHP remote file inclusion vulnerability in admin/lib_action_step.php in Hot Open Tickets (HOT) 11012004_ver2f, when register_globals is enabled, allows remote attackers to include arbitrary files via the GLOBALS[CLASS_PATH] parameter. NOTE: this issue might be resultant from a global overwrite...
6.8AI Score
0.093EPSS
Multiple SQL injection vulnerabilities in index.php in PHP Support Tickets 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password fields, and (3) id...
8.8AI Score
0.008EPSS