🧹It's time for some spring cleaning! All researchers earn over 6.25x our normal bounty rates, through May 27th, 2024, when Wordfence handles responsible disclosure for our Spring Cleaning Bug Extravaganza! Learn more about our bug bounty program
Register as a researcher and submit your vulnerabilities today!

Event Tickets and Registration

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Event Tickets and Registration

Information

Software Type	Plugin
Software Slug	event-tickets (view on wordpress.org)
Software Status	Active
Software Author	theeventscalendar
Software Website	evnt.is
Software Downloads	3,736,710
Software Active Installs	80,000
Software Record Last Updated	May 20, 2024

6 Vulnerabilities

Event Tickets <= 4.10.7.1 - CSV Injection

8.8

CVE-2019-16120

Sep 2, 2019

Researcher: MTK (Muhammad Talha Khan)

Event Tickets <= 5.2.1 - Open Redirect

6.1

CVE-2021-25028

Dec 22, 2021

Researcher: Krzysztof Zając

Freemius SDK <= 2.4.2 - Missing Authorization Checks

6.3

CVE ID Unknown

Mar 4, 2022

Researchers:

Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure

4.3

CVE-2024-1316

Feb 8, 2024

Researcher: Scott Kingsley Clark

Event Tickets and Registration <= 5.8.1 - Missing Authorization

4.3

CVE-2024-1053

Feb 21, 2024

Researcher: Muhammad Daffa

Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure

4.3

CVE-2024-2261

Mar 26, 2024

Researcher: Tim Coen

Title	Status	CVE ID	CVSS	Researchers	Date
Event Tickets <= 4.10.7.1 - CSV Injection	Patched	CVE-2019-16120	8.8	MTK (Muhammad Talha Khan)	September 2, 2019
Event Tickets <= 5.2.1 - Open Redirect	Patched	CVE-2021-25028	6.1	Krzysztof Zając	December 22, 2021
Freemius SDK <= 2.4.2 - Missing Authorization Checks	Patched		6.3		March 4, 2022
Event Tickets and Registration <= 5.8.0 Events Tickets Plus <= 5.9.0 - Authenticated (Contributor+) Information Exposure	Patched	CVE-2024-1316	4.3	Scott Kingsley Clark	February 8, 2024
Event Tickets and Registration <= 5.8.1 - Missing Authorization	Patched	CVE-2024-1053	4.3	Muhammad Daffa	February 21, 2024
Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure	Patched	CVE-2024-2261	4.3	Tim Coen	March 26, 2024

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation