cleantalk
Vulnerabilities and Security Researches

Vulnerabilities and security researches formy-tickets my-tickets

Direction: ascending
Jun 07, 2024

My Tickets # CVE-2023-23988

CVE, Research URL

CVE-2023-23988

Home page URL

Security reports for My Tickets

Application

My Tickets

Date
May 17, 2024
Research Description
Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.
Affected versions
Min -, max -.
Status
vulnerable

My Tickets # CVE-2021-24796

CVE, Research URL

CVE-2021-24796

Home page URL

Security reports for My Tickets

Application

My Tickets

Date
Nov 17, 2021
Research Description
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins
Affected versions
Min -, max -.
Status
vulnerable

My Tickets # CVE-2022-47440

CVE, Research URL

CVE-2022-47440

Home page URL

Security reports for My Tickets

Application

My Tickets

Date
Mar 13, 2023
Research Description
Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.
Affected versions
Min -, max -.
Status
vulnerable
Jan 22, 2025

My Tickets # CVE-2025-22717

CVE, Research URL

CVE-2025-22717

Home page URL

Security reports for My Tickets

Application

My Tickets

Date
Jan 21, 2025
Research Description
Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects My Tickets: from n/a through 2.0.9.
Affected versions
Min -, max -.
Status
vulnerable
Apr 29, 2025

My Tickets # CVE-2025-3761

CVE, Research URL

CVE-2025-3761

Home page URL

Security reports for My Tickets

Application

My Tickets

Date
Apr 24, 2025
Research Description
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Affected versions
Min -, max -.
Status
vulnerable