CVE-2021-25028 – Event Tickets < 5.2.2 - Open Redirect
https://notcve.org/view.php?id=CVE-2021-25028
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue.
• https://wpscan.com/vulnerability/80b0682e-2c3b-441b-9628-6462368e5fc7
• CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2019-16120 – Event Tickets <= 4.10.7.1 - CSV Injection
https://notcve.org/view.php?id=CVE-2019-16120
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post > Ticketed > Attendees" Export Attendees feature.
• https://wordpress.org/plugins/event-tickets/#developers
• https://wpvulndb.com/vulnerabilities/9858
• https://www.exploit-db.com/exploits/47335
• CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
• CWE-1236: Improper Neutralization of Formula Elements in a CSV File