Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Tri Subscribe
Filtered by product Event Tickets
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2019-16120 1 Tri 1 Event Tickets 2023-02-22 6.5 MEDIUM 8.8 HIGH
CSV injection in the event-tickets (Event Tickets) plugin before 4.10.7.2 for WordPress exists via the "All Post> Ticketed > Attendees" Export Attendees feature.
CVE-2021-25028 1 Tri 1 Event Tickets 2022-01-28 5.8 MEDIUM 6.1 MEDIUM
The Event Tickets WordPress plugin before 5.2.2 does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue