cleantalk
Vulnerabilities and Security Researches

Event Tickets and Registration, CVE-2021-25028

CVE, Research URL

CVE-2021-25028

Home page URL

Security reports for Event Tickets and Registration

Application

Event Tickets and Registration

Published on
Jan 24, 2022
Research Description
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue
Affected versions
Min -, max 5.3.0.1.
Status
vulnerable
Previous vulnerability researches
Event Tickets with Ticket Scanner (CVE-2024-52427) , Nov 19, 2024
Event Tickets with Ticket Scanner (CVE-2024-6711) , Aug 16, 2024
Event Tickets with Ticket Scanner (CVE-2024-9866) , Dec 07, 2024
Event Tickets with Ticket Scanner (CVE-2024-35652) , Jun 06, 2024
Event Tickets with Ticket Scanner (a15b09db3fbaefb7151e884a7c472101b7df0d2e) , Jun 06, 2024
New vulnerability
Uncanny Automator – Automate everything with the #1 automation, integration & webhooks plugin (CVE-2025-2075) , Apr 05, 2025
Blubrry PowerPress Podcasting plugin MultiSite add-on (CVE-2025-31436) , Apr 05, 2025
Wptobe-signinup (CVE-2025-30611) , Apr 05, 2025
Lexicata (CVE-2025-31900) , Apr 05, 2025
WooTumblog (CVE-2025-31729) , Apr 05, 2025