Vulnerabilities and security researches forevent-tickets-with-ticket-scanner event-tickets-with-ticket-scanner

Jun 06, 2024

CVE, Research URL: CVE-2024-35652
Home page URL: Security reports for Event Tickets with Ticket Scanner
Application: Event Tickets with Ticket Scanner
Date: Jun 04, 2024
Research Description: Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: a15b09db3fbaefb7151e884a7c472101b7df0d2e
Home page URL: Security reports for Event Tickets with Ticket Scanner
Application: Event Tickets with Ticket Scanner
Date: Aug 18, 2023
Research Description: Event Tickets with Ticket Scanner [event-tickets-with-ticket-scanner] < 1.5.5 Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 via the 'data[codes]' parameter saved through the 'sasoEventtickets_executeAdminSettings' AJAX action, due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions: Min -, max -.
Status: vulnerable

Aug 16, 2024

CVE, Research URL: CVE-2024-6711
Home page URL: Security reports for Event Tickets with Ticket Scanner
Application: Event Tickets with Ticket Scanner
Date: -
Research Description: Event Tickets with Ticket Scanner [event-tickets-with-ticket-scanner] < 2.3.8 CVE-2024-6711
Affected versions: Min -, max -.
Status: vulnerable

Nov 19, 2024

CVE, Research URL: CVE-2024-52427
Home page URL: Security reports for Event Tickets with Ticket Scanner
Application: Event Tickets with Ticket Scanner
Date: Nov 18, 2024
Research Description: Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11.
Affected versions: Min -, max -.
Status: vulnerable

Dec 07, 2024

CVE, Research URL: CVE-2024-9866
Home page URL: Security reports for Event Tickets with Ticket Scanner
Application: Event Tickets with Ticket Scanner
Date: Dec 06, 2024
Research Description: The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality to manage tickets. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page. This missing authorization aspect of this was patched in 2.4.1, while the Cross-Site Scripting was fully patched in 2.4.4.
Affected versions: Min -, max -.
Status: vulnerable