CVE-2024-6711
- EPSS 0.06%
- Veröffentlicht 15.05.2025 20:15:55
- Zuletzt bearbeitet 13.11.2025 21:15:48
The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks
CVE-2025-1762
- EPSS 0.03%
- Veröffentlicht 28.03.2025 06:00:03
- Zuletzt bearbeitet 17.04.2025 13:48:32
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-52427
- EPSS 9.01%
- Veröffentlicht 18.11.2024 15:15:06
- Zuletzt bearbeitet 20.11.2024 15:29:52
Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2....
CVE-2024-35652
- EPSS 0.15%
- Veröffentlicht 04.06.2024 15:15:46
- Zuletzt bearbeitet 21.11.2024 09:20:34
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2....