cleantalk
Vulnerabilities and Security Researches

Event Tickets with Ticket Scanner, a15b09db3fbaefb7151e884a7c472101b7df0d2e

CVE, Research URL

a15b09db3fbaefb7151e884a7c472101b7df0d2e

Home page URL

Security reports for Event Tickets with Ticket Scanner

Application

Event Tickets with Ticket Scanner

Published on
Aug 18, 2023
Research Description
Event Tickets with Ticket Scanner [event-tickets-with-ticket-scanner] < 1.5.5 Event Tickets with Ticket Scanner <= 1.5.4 - Authenticated (Subscriber+) Stored Cross-Site Scripting The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting in versions up to, and including, 1.5.4 via the 'data[codes]' parameter saved through the 'sasoEventtickets_executeAdminSettings' AJAX action, due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with minimal permissions such as a subscriber, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.
Affected versions
Min -, max 1.5.5.
Status
vulnerable
Previous vulnerability researches
Event Tickets with Ticket Scanner (CVE-2024-52427) , Nov 19, 2024
Event Tickets with Ticket Scanner (CVE-2024-6711) , Aug 16, 2024
Event Tickets with Ticket Scanner (CVE-2024-9866) , Dec 07, 2024
Event Tickets with Ticket Scanner (CVE-2024-35652) , Jun 06, 2024
Event Tickets with Ticket Scanner (a15b09db3fbaefb7151e884a7c472101b7df0d2e) , Jun 06, 2024
New vulnerability
CF7 Spreadsheets (CVE-2025-31536) , Apr 05, 2025
Awesome Logos (CVE-2025-31899) , Apr 05, 2025
Flickr Photostream (CVE-2025-31467) , Apr 05, 2025
CM Header &amp; Footer Script Loader &#8211; Insert Script Plugin (CVE-2025-31091) , Apr 05, 2025
Minimalistic Event Manager (CVE-2025-31739) , Apr 05, 2025