CVE-2026-7421 | Passeum Ticketing Plugin up to 1.0 on WordPress Setting get_shop_url shop_name cross site scripting

Inserito da Angelo Barbosa | Giu 3, 2026 | CVE

A vulnerability classified as problematic was found in Passeum Ticketing Plugin up to 1.0 on WordPress. The affected element is the function get_shop_url of the component Setting Handler. The manipulation of the argument shop_name results in cross site scripting.

This vulnerability was named CVE-2026-7421. The attack may be performed from remote. There is no available exploit.

CVE-2026-7421 | Passeum Ticketing Plugin up to 1.0 on WordPress Setting get_shop_url shop_name cross site scripting

Post correlati

CVE-2024-13879 | xwp Stream Plugin up to 4.0.2 on WordPress server-side request forgery

CVE-2024-10692 | ideaboxcreations PowerPack Elementor Addons Plugin up to 2.8.1 on WordPress authorization (ID 3203205)

CVE-2024-3951 | PTC Codebeamer cross site scripting (icsa-24-128-01)

CVE-2026-34684 | Adobe Substance3D Designer up to 15.1.0 File out-of-bounds write (apsb26-52)