Lucene search
K

7 matches found

RedhatCVE
RedhatCVE
added 2026/06/05 7:39 p.m.10 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS5.6AI score0.00208EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/03 12:30 a.m.11 views

EUVD-2026-34054

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS6AI score0.00208EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 12:16 a.m.12 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS0.00208EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.9 views

WordPress plugin Passeum Ticketing 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.1AI score0.00208EPSS
Exploits0References7
Vulnrichment
Vulnrichment
added 2026/06/02 11:27 p.m.9 views

CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS6AI score0.00208EPSS
Exploits0References7
Cvelist
Cvelist
added 2026/06/02 11:27 p.m.44 views

CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS0.00208EPSS
Exploits0References7
Patchstack
Patchstack
added 2026/06/02 10:57 a.m.10 views

WordPress Passeum Ticketing plugin <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting vulnerability

Authenticated Administrator+ Stored Cross-Site Scripting vulnerability discovered by KEVIN LEE crattack - OPCIA in WordPress Plugin Passeum Ticketing versions = 1.0...

4.4CVSS5.8AI score0.00208EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder