WordPress · My Tickets · CVE-2021-24796
Name of the Vulnerable Software and Affected Versions:
My Tickets WordPress plugin versions prior to 1.8.31
Description:
The issue concerns the improper sanitization and escaping of the Email field of booked tickets in the Payment admin dashboard. This could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
Recommendations:
For versions prior to 1.8.31, update to version 1.8.31 or later to resolve the issue.