Lucene search
K

7 matches found

EUVD
EUVD
added 2026/06/03 12:30 a.m.12 views

EUVD-2026-34054

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS6AI score0.00208EPSS
Exploits0References8
NVD
NVD
added 2026/06/03 12:16 a.m.12 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS0.00208EPSS
Exploits0References7
CNNVD
CNNVD
added 2026/06/03 12:0 a.m.11 views

WordPress plugin Passeum Ticketing 跨站脚本漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPres...

4.4CVSS5.1AI score0.00208EPSS
Exploits0References7
CVE
CVE
added 2026/06/02 11:27 p.m.30 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress (all versions up to 1.0) is vulnerable to Stored XSS when the shop_name setting starts with http. The get_shop_url() method returns the raw shop_name without sufficient sanitization, and validate_shop_name() only checks for emptiness and type, allowing a...

4.4CVSS6AI score0.00208EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/06/02 11:27 p.m.7 views

CVE-2026-7421

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS6AI score0.00208EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/06/02 11:27 p.m.45 views

CVE-2026-7421 Passeum Ticketing <= 1.0 - Authenticated (Administrator+) Stored Cross-Site Scripting via 'shop_name' Setting

The Passeum Ticketing plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 1.0. This is due to the getshopurl method returning the shopname setting value without sanitization when it begins with "http", combined with insufficient validation in th...

4.4CVSS0.00208EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2006/07/09 12:0 a.m.19 views

sc09.txt

Shopping Cart V0.9 Homepage: http://glendown.de/shop/ Affected files: index.php editshop.php edititem.php ----------------------------------------- XSS vuln on editshop.php & edititem.php: Data isn't sanatized before being entered. For a PoC as a shop name or item enter in: alert'xss' The shop...

7.4AI score
Exploits0
Rows per page
Query Builder