CVE-2024-52427

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-52427
Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.

8.8 /10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://patchstack.com/database/Wordpress/Plugin/event-tickets-with-ticket-scanner/vulnerability/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve
Configurations

Configuration 1 (hide)

cpe:2.3:a:vollstart:event_tickets_with_ticket_scanner:*:*:*:*:*:wordpress:*:*
History

01 Apr 2026, 16:20

Type Values Removed Values Added
CWE CWE-1336 CWE-82
Summary (en) Improper Neutralization of Special Elements Used in a Template Engine vulnerability in Saso Nikolov Event Tickets with Ticket Scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through 2.3.11. (en) Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.
References
  • {'url': 'https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve', 'tags': ['Third Party Advisory'], 'source': 'audit@patchstack.com'}
  • () https://patchstack.com/database/Wordpress/Plugin/event-tickets-with-ticket-scanner/vulnerability/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve -

20 Nov 2024, 15:29

Type Values Removed Values Added
CWE CWE-94
CPE cpe:2.3:a:vollstart:event_tickets_with_ticket_scanner:*:*:*:*:*:wordpress:*:*
CVSS v2 : unknown
v3 : 9.9 		v2 : unknown
v3 : 8.8
First Time Vollstart
Vollstart event Tickets With Ticket Scanner
References () https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve - () https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve - Third Party Advisory

18 Nov 2024, 17:11

Type Values Removed Values Added
Summary
  • (es) La vulnerabilidad de neutralización incorrecta de elementos especiales utilizados en un motor de plantillas en Saso Nikolov Event Tickets con Ticket Scanner permite la inyección de Server Side Include (SSI). Este problema afecta a Event Tickets con Ticket Scanner: desde n/a hasta 2.3.11.

18 Nov 2024, 15:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-11-18 15:15

Updated : 2026-04-01 16:20

NVD link : CVE-2024-52427

Mitre link : CVE-2024-52427

CVE.ORG link : CVE-2024-52427

JSON object : View

Products Affected

vollstart

  • event_tickets_with_ticket_scanner
CWE
CWE-82

Improper Neutralization of Script in Attributes of IMG Tags in a Web Page

CWE-94

Improper Control of Generation of Code ('Code Injection')