VYPR

Event Tickets With Ticket Scanner

by WordPress

Source repositories

CVEs (5)

  • CVE-2025-68015CriJan 22, 2026
    risk 0.59cvss 9.0epss 0.00

    Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.5.

  • CVE-2024-9866MedDec 6, 2024
    risk 0.35cvss 5.4epss 0.00

    The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'data' parameters in all versions up to, and including, 2.4.4 due to insufficient input sanitization and output escaping and missing authorization on the functionality…

  • CVE-2024-6711May 15, 2025
    risk 0.00cvss epss 0.00

    The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some parameters, which could allow users with a role as low as admin to perform Cross-Site Scripting attacks

  • CVE-2025-1762Mar 28, 2025
    risk 0.00cvss epss 0.00

    The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack

  • CVE-2024-35652Jun 4, 2024
    risk 0.00cvss epss 0.00

    Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Reflected XSS.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.1.