1687 matches found
WordPress Event Tickets < 5.2.2 - Open Redirect
WordPress Event Tickets 5.2.2 is susceptible to an open redirect vulnerability. The plugin does not validate the tribeticketsredirectto parameter before redirecting the user to the given value, leading to an arbitrary redirect issue. id: CVE-2021-25028 info: name: WordPress Event Tickets 5.2.2 -...
CVE-2026-60118
CVE-2026-60118 affects Hi.Events up to v1.10.0-beta, where a missing server-side visibility enforcement lets unauthenticated attackers purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hi...
CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint
Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...
CVE-2026-60118 Hi.Events < 1.11.0 Hidden Ticket Enumeration via Order Creation Endpoint
Hi.Events before 1.11.0 contains a missing server-side visibility enforcement vulnerability that allows unauthenticated attackers to purchase hidden tickets by referencing hidden product and price IDs in order creation requests without authorization checks. Attackers can enumerate sequential hidd...
CVE-2026-57705
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...
CVE-2026-57400
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
EUVD-2026-43316
This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...
CVE-2026-14453
This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...
CVE-2026-57705 WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in Nexcess Event Tickets event-tickets allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets: from n/a through = 5.28.5...
CVE-2026-57400 WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Missing Authorization vulnerability in WP Swings Event Tickets Manager for WooCommerce event-tickets-manager-for-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Event Tickets Manager for WooCommerce: from n/a through = 1.5.5...
CVE-2026-57400
The CVE-2026-57400 entry concerns the WordPress plugin Event Tickets Manager for WooCommerce. A Missing Authorization vulnerability is described as due to Incorrectly Configured Access Control Security Levels, affecting the plugin’s “Event Tickets Manager for WooCommerce” component in versions up...
CVE-2026-57705
CVE-2026-57705 affects the WordPress plugin Event Tickets (versions
CVE-2026-14453
The CVE-2026-14453 issue is a critical Server-Side Template Injection (SSTI) in Centreon’s centreon-open-tickets module. The message_confirm field is stored without sanitization and rendered through Smarty with no security policy, allowing any authenticated user to inject and execute arbitrary co...
CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets
This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...
CVE-2026-14453 A user with low privileges can inject SSTI templates that can lead to RCE in open-tickets
This vulnerability is a critical Server-Side Template Injection SSTI in Centreon's centreon-open-tickets module that leads to Remote Code Execution. The messageconfirm field is stored without sanitization and rendered via Smarty with no security policy enabled, allowing any authenticated user, to...
CVE-2026-13039
The Eventin – Event Calendar, Event Registration, Tickets & Booking AI Powered plugin for WordPress is vulnerable to authorization bypass due to a regression in versions from 4.0.26 up to and including 4.1.15. This is due to the plugin not properly verifying that a user is authorized to perform a...
CVE-2026-11875
The WP Support Plus Responsive Ticket System WordPress plugin through 9.1.2 does not sign or verify its guest-session cookie, allowing unauthenticated attackers to forge it and impersonate any ticket owner identified by email address to read, reply to, and close that person's support tickets...
WordPress Event Tickets plugin <= 5.28.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by dunvu0 in WordPress Plugin Event Tickets versions = 5.28.5...
WordPress Event Tickets Manager for WooCommerce plugin <= 1.5.5 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by okndjo in WordPress Plugin Event Tickets Manager for WooCommerce versions = 1.5.5...
CVE-2026-55952
A flaw was found in Erlang/OTP's SSL Secure Sockets Layer application. An unauthenticated remote attacker can send a specially crafted ClientHello message to a TLS 1.3 server with session tickets enabled. This can permanently disrupt the server's ability to handle session tickets, leading to a...