WordPress Event Tickets < 5.2.2 - Open Redirect

WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...

WordPress Event Tickets plugin <= 5.27.5 - Bypass Vulnerability vulnerability

Bypass Vulnerability vulnerability discovered by endy in WordPress Plugin Event Tickets versions = 5.27.5...

CVE-2019-16120

CSV injection in the event-tickets Event Tickets plugin before 4.10.7.2 for WordPress exists via the "All Post Ticketed Attendees" Export Attendees feature...

EUVD-2025-35381

Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through = 5.26.3...

CVE-2025-62027

Missing Authorization vulnerability in StellarWP Event Tickets event-tickets.This issue affects Event Tickets: from n/a through = 5.26.3...

CVE-2025-11517

CVE-2025-11517 affects the WordPress plugin “Event Tickets and Registration” (

WordPress Event Tickets and Registration plugin <= 5.26.5 - Unauthenticated Ticket Payment Bypass vulnerability

Unauthenticated Ticket Payment Bypass vulnerability discovered by Jack Pas Dark. in WordPress Plugin Event Tickets versions = 5.26.5...

EUVD-2021-11940

Malware in sbrugna...

EUVD-2024-51613

Malicious code in bioql PyPI...

EUVD-2025-8550

Malicious code in bioql PyPI...

EUVD-2024-16828

Malicious code in bioql PyPI...

PT-2025-40502

Name of the Vulnerable Software and Affected Versions Event Tickets, RSVPs, Calendar versions up to and including 1.0.2 Description The Event Tickets, RSVPs, Calendar plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ticket spot' shortcode. This is due to inadequate...

CVE-2021-25028

The Event Tickets WordPress plugin before 5.2.2 does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue...

CVE-2024-6711

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks...

CVE-2024-6711 Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks...

CVE-2024-6711 Event Tickets with Ticket Scanner < 2.3.8 - Admin+ Stored XSS

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks...

CVE-2025-1762

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack...

CVE-2025-1762

CVE-2025-1762 concerns the WordPress plugin Event Tickets with Ticket Scanner prior to version 2.5.4. The root cause is missing CSRF protection when updating settings, enabling a logged-in attacker to cause settings changes via CSRF. Public sources (NVD, Red Hat, CVE lists) confirm the vulnerabil...

WordPress Event Tickets plugin <= 5.20.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by João Pedro S Alcântara Kinorth in WordPress Plugin Event Tickets versions = 5.20.0...

CVE-2025-1402

CVE-2025-1402 affects the WordPress Event Tickets and Registration plugin. A missing capability check in the ajax_ticket_delete function in all versions up to 5.19.1.1 allows authenticated attackers with Contributor+ access to delete arbitrary Attendee tickets, causing unauthorized data loss. The...