ThreatPress

WordPress Vulnerabilities Database

Back

WordPress Event Tickets plugin <= 4.10.7.1 - CSV Injection vulnerability

Product
Event Tickets
Description
CSV Injection vulnerability found by MTK in WordPress Event Tickets plugin (versions <= 4.10.7.1).
Solution
3 September 2019 - we were unable to find a patched version of this plugin. Deactivate and uninstall until the patched version release.
Classification
Type Unknown
OWASP Top 10 A1: Injection
References
Plugin changelog
CVE
Name CVE-N/A
Versions
Affected In <= 4.10.7.1
Disclosure date
2019-09-03
Credits
MTK
Submitter
ThreatPress