5 matches found
EUVD-2026-36636
The WP Ticket plugin for WordPress is vulnerable to SQL Injection via the WordPress search query parameter s in versions up to, and including, 6.0.4 The plugin hooks WordPress's postsrequest filter with wpticketcompostsrequest, which calls emdauthorsearchresults when the current request is an...
PT-2026-49077
Name of the Vulnerable Software and Affected Versions WP Ticket versions prior to 6.0.5 Description The WP Ticket plugin for WordPress allows unauthenticated attackers to extract sensitive information from the database. The issue occurs during unauthenticated front-end searches when the plugin...
CVE-2025-60157
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Stored XSS.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a throu...
CVE-2025-53584
Deserialization of Untrusted Data vulnerability in emarket-design WP Ticket Customer Service Software & Support Ticket System wp-ticket allows Object Injection.This issue affects WP Ticket Customer Service Software & Support Ticket System: from n/a through = 6.0.2...
WordPress Ticket Tailor Plugin <= 1.10 is vulnerable to Cross Site Scripting (XSS)
Software Ticket Tailor Type Plugin Vulnerable versions = 1.10 Fixed in 1.12 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-29104 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID bf9f96915120 Credits Ray Wilson Required privilege Contributor...