WordPress TicketSpot plugin <= 1.0.2 - Authenticated (Contributor+) Stored Cross-Site Scripting vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting vulnerability discovered by Gilang - DJ in WordPress Plugin TicketSpot versions = 1.0.2...

CVE-2025-9875

CVE-2025-9875 affects the WordPress plugin Event Tickets, RSVPs, Calendar (TicketSpot shortcode). The vulnerability is a Stored Cross‑Site Scripting (XSS) flaw caused by insufficient input sanitization and output escaping on user‑supplied attributes, present in all versions up to and including 1....