MEDIUM🇵🇱 Wersja polska

CVE-2025-1762

CVSS 4.3v3.1pub. 2025-03-28upd. 2025-04-17

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N
  • Vollstart Event Tickets With Ticket Scanner

    APP
    Vollstart
    < 2.5.4
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-52427CRITICAL9.9PL ✓ten sam produkt

RCE przez deserializację danych w pluginie Event Tickets with Ticket Scanner

CVE-2024-35652HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in S...

CVE-2024-6711LOW3.5ten sam produkt

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some paramete...