The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:L/I:L/A:NVollstart Event Tickets With Ticket Scanner
APPVollstart< 2.3.8
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
Tagi
XSS
CWE
Powiązane podatności
CVE-2024-52427CRITICAL9.9PL ✓ten sam produkt
RCE przez deserializację danych w pluginie Event Tickets with Ticket Scanner
CVE-2024-35652HIGH7.1ten sam produkt
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in S...
CVE-2025-1762MEDIUM4.3ten sam produkt
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when upd...