1 results (0.001 seconds)
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1
CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 1CVE-2025-1762 – Event Tickets with Ticket Scanner < 2.5.4 - Arbitrary Tickets Deletion via CSRF
https://notcve.org/view.php?id=CVE-2025-1762
06 Mar 2025 — The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack The Event Tickets with Ticket Scanner plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.5.3. This is due to missing or incorrect nonce validation on the executeJSON() function. This makes it possible for unauthenticated attackers to delete arb... • https://wpscan.com/vulnerability/d5cefdee-2ba0-465d-b176-0dff39fc322c • CWE-352: Cross-Site Request Forgery (CSRF) •