CVE-2021-24796

CVE-2021-24796: My Tickets < 1.8.31 - Unauthenticated Stored Cross-Site Scripting

Vendor Unknown
Product My Tickets
Weakness CWE-79 · XSS
Published November 17, 2021
Last update August 3, 2024
View on NVD All CVEs

CVSS base score

What the vulnerability does

01Description

The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins

Key dates

02Disclosure timeline

November 17, 2021 CVE published
August 3, 2024 Record updated

Related vulnerabilities

04Related CVE

CVE-2025-24542 WordPress Icegram Engage plugin <= 3.1.31 - Cross Site Scripting (XSS) vulnerability CVE-2025-64820 Adobe Experience Manager | Cross-site Scripting (Stored XSS) (CWE-79) CVE-2026-1613 Wonka Slide <= 1.3.3 - Authenticated (Contributor+) Stored Cross-Site Scripting via Shortcode CVE-2026-5111 Gravity Forms <= 2.10.0 - Unauthenticated Stored Cross-Site Scripting via Hidden Product Field in Repeater CVE-2025-10386 Yida ECMS Consulting Enterprise Management System POST Request login.do cross site scripting