CVE-2025-11517
- EPSS 0.16%
- Veröffentlicht 18.10.2025 06:42:43
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be...
CVE-2025-30794
- EPSS 0.14%
- Veröffentlicht 01.04.2025 06:15:51
- Zuletzt bearbeitet 15.04.2026 00:35:42
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in StellarWP Event Tickets event-tickets allows Reflected XSS.This issue affects Event Tickets: from n/a through <= 5.20.0.
CVE-2025-1402
- EPSS 0.13%
- Veröffentlicht 21.02.2025 12:15:30
- Zuletzt bearbeitet 25.02.2025 04:04:59
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authe...
CVE-2024-38762
- EPSS 0.08%
- Veröffentlicht 02.01.2025 12:15:23
- Zuletzt bearbeitet 15.04.2026 00:35:42
Cross-Site Request Forgery (CSRF) vulnerability in StellarWP Event Tickets event-tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through <= 5.11.0.4.
CVE-2024-2261
- EPSS 0.24%
- Veröffentlicht 09.04.2024 19:15:30
- Zuletzt bearbeitet 15.04.2026 00:35:42
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor acces...