WordPress Plugin Vulnerabilities

Event Tickets < 5.2.2 - Open Redirect

Description

The plugin does not validate the tribe_tickets_redirect_to parameter before redirecting the user to the given value, leading to an arbitrary redirect issue

Proof of Concept

Affects Plugins

Plugin icon
event-tickets
Fixed in 5.2.2

References

CVE
CVE-2021-25028

Classification

Type
REDIRECT
OWASP top 10
A1: Injection
CWE
CWE-601
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
Krzysztof Zając
Submitter
Krzysztof Zając
Submitter website
https://kazet.cc/
Verified
Yes
WPVDB ID
80b0682e-2c3b-441b-9628-6462368e5fc7

Timeline

Publicly Published
2021-12-22 (about 4 years ago)
Added
2021-12-22 (about 4 years ago)
Last Updated
2022-04-13 (about 3 years ago)

Other

Published
Title
Published
2024-09-30
Title
ElementsReady Addons for Elementor 6.4.2 - Open Redirect
Published
2021-12-20
Title
AnyComment < 0.3.5 - Open Redirect
Published
2020-11-27
Title
Age Gate < 2.13.5 - Unauthenticated Open Redirect
Published
2021-01-21
Title
Digital Climate Strike WP <= 1.0.0 - Redirect to Malicious Website due to Compromised JS Asset
Published
2025-07-03
Title
AI Engine 2.8.4 - Insecure OAuth Implementation