11 matches found
CVE-2025-1402
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajaxticketdelete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2024-38762 WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in StellarWP Event Tickets event-tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through = 5.11.0.4...
CVE-2024-38762 WordPress Event Tickets and Registration plugin <= 5.11.0.4 - Cross Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery CSRF vulnerability in StellarWP Event Tickets event-tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through = 5.11.0.4...
WordPress Event Tickets with Ticket Scanner Plugin < 2.3.8 is vulnerable to Cross Site Scripting (XSS)
Software Event Tickets with Ticket Scanner Type Plugin Vulnerable versions 2.3.8 Fixed in 2.3.8 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2024-6711 Patch priority Low CVSS severity Low 5.9 Developer Claim ownership PSID 0bf7f36b041a Credits Anas Jam...
WordPress Event Tickets Plugin <= 5.11.0.4 is vulnerable to Cross Site Request Forgery (CSRF)
Software Event Tickets Type Plugin Vulnerable versions = 5.11.0.4 Fixed in 5.11.0.5 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2024-38762 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID 0a615d084880 Credits Joshua...
CVE-2024-35652 WordPress Event Tickets with Ticket Scanner plugin <= 2.3.1 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1...
WordPress Event Tickets with Ticket Scanner Plugin <= 2.3.1 is vulnerable to Cross Site Scripting (XSS)
Software Event Tickets with Ticket Scanner Type Plugin Vulnerable versions = 2.3.1 Fixed in 2.3.2 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-35652 Patch priority Medium CVSS severity Medium 7.1 Developer Claim ownership PSID a8b7482ae90c Credits Le Ngoc Anh...
WordPress Event Tickets Plugin <= 5.8.1 is vulnerable to Broken Access Control
Software Event Tickets Type Plugin Vulnerable versions = 5.8.1 Fixed in 5.8.2 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1053 Patch priority Low CVSS severity Low 4.3 Developer Liquid Web / StellarWP PSID ddaccf519ce9 Credits Muhammad Daffa Required...
WordPress Event Tickets with Ticket Scanner Plugin < 1.5.5 is vulnerable to Cross Site Scripting (XSS)
Software Event Tickets with Ticket Scanner Type Plugin Vulnerable versions 1.5.5 Fixed in 1.5.5 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE N/A Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID daa37a82b56a Credits Unknown...
WordPress Event Tickets Plugin <= 5.5.11.1 is vulnerable to Cross Site Scripting (XSS)
Software Event Tickets Type Plugin Vulnerable versions = 5.5.11.1 Fixed in 5.6.0 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2023-33999 Patch priority High CVSS severity High 7.1 Developer Liquid Web / StellarWP PSID b526dab2f64a Credits Rafie Muhammad Patchstack...
WordPress Event Tickets 4.10.7.1 CSV Injection
Exploit Title: WordPress Plugin Event Tickets = 4.10.7.1 - CSV Injection Google Dork: inurl:"\wp-content\plugins\event-tickets" Date: 09-01-2019 Exploit Author: MTK http://mtk911.cf/ Vendor Homepage: https://tri.be/ Software Link: https://downloads.wordpress.org/plugin/event-tickets.4.10.7.1.zip...