CVE-2025-11517
- EPSS 0.16%
- Veröffentlicht 18.10.2025 06:42:43
- Zuletzt bearbeitet 21.10.2025 19:31:25
The Event Tickets and Registration plugin for WordPress is vulnerable to payment bypass in all versions up to, and including, 5.26.5. This is due to the /wp-json/tribe/tickets/v1/commerce/free/order endpoint not verifying that a ticket type should be...
CVE-2025-30794
- EPSS 0.19%
- Veröffentlicht 01.04.2025 06:15:51
- Zuletzt bearbeitet 01.04.2025 20:26:11
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in The Events Calendar Event Tickets allows Reflected XSS. This issue affects Event Tickets: from n/a through 5.20.0.
CVE-2025-1402
- EPSS 0.17%
- Veröffentlicht 21.02.2025 12:15:30
- Zuletzt bearbeitet 25.02.2025 04:04:59
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authe...
CVE-2024-38762
- EPSS 0.16%
- Veröffentlicht 02.01.2025 12:15:23
- Zuletzt bearbeitet 02.01.2025 12:15:23
Cross-Site Request Forgery (CSRF) vulnerability in The Events Calendar Event Tickets allows Cross Site Request Forgery.This issue affects Event Tickets: from n/a through 5.11.0.4.
CVE-2024-2261
- EPSS 0.24%
- Veröffentlicht 09.04.2024 19:15:30
- Zuletzt bearbeitet 21.11.2024 09:09:22
The Event Tickets and Registration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.8.2 via the RSVP functionality. This makes it possible for authenticated attackers, with contributor acces...