CVE-2015-5485

Name of the Vulnerable Software and Affected Versions Modern Tribe Eventbrite Tickets plugin versions prior to 3.10.2

Description The issue is related to a cross-site scripting (XSS) vulnerability in the Event Import page. This vulnerability allows remote attackers to inject arbitrary web script or HTML via the error parameter to the "wp-admin/edit.php" endpoint.

Recommendations For versions prior to 3.10.2, update to version 3.10.2 or later to resolve the issue. As a temporary workaround, consider restricting access to the import-eventbrite-events.php page and the wp-admin/edit.php endpoint to minimize the risk of exploitation. Avoid using the error parameter in the affected endpoint until the issue is resolved.