Vollstart: >> Event Tickets With Ticket Scanner >> 2.3.11 Security Vulnerabilities
The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVSS Score
4.3
EPSS Score
0.001
Published
2025-03-28
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.
CVSS Score
8.8
EPSS Score
0.123
Published
2024-11-18