CVE-2023-23988 – WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability
https://notcve.org/view.php?id=CVE-2023-23988
20 Jan 2023 — Missing Authorization vulnerability in Joseph C Dolson My Tickets. This issue affects My Tickets: from n/a through 1.9.11. The My Tickets plugin for WordPress is vulnerable to authorization bypass due to insufficient validation of a user's offline payment status in versions up to, and including, 1.9.11. This makes it possible for unauthenticated attackers to bypass completing ... • https://patchstack.com/database/vulnerability/my-tickets/wordpress-my-tickets-plugin-1-9-11-payment-bypass-vulnerability?_s_id=cve • CWE-285: Improper Authorization • CWE-862: Missing Authorization
CVE-2022-47440 – WordPress My Tickets Plugin <= 1.9.10 is vulnerable to Cross Site Request Forgery (CSRF)
https://notcve.org/view.php?id=CVE-2022-47440
04 Jan 2023 — Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin versions <= 1.9.10. The My Tickets plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 1.9.10. This is due to missing or incorrect nonce validation on several of its functions, including mt_reports_page and mt_import_settings. This makes it possible for unauthenticated attackers to send mass emails to users and import new plugin settings via a forged request, granted they can tric... • https://patchstack.com/database/vulnerability/my-tickets/wordpress-my-tickets-plugin-1-9-10-cross-site-request-forgery-csrf?_s_id=cve • CWE-352: Cross-Site Request Forgery (CSRF)
CVE-2021-24796 – My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting
https://notcve.org/view.php?id=CVE-2021-24796
18 Oct 2021 — The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins. • https://wpscan.com/vulnerability/d973dc0f-3cb4-408d-a8b0-01abeb9ef951 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')