CRITICAL✓ PATCH🇵🇱 Wersja polska

CVE-2024-52427

CVSS 9.9v3.1pub. 2024-11-18upd. 2026-04-23

Deserialization of Untrusted Data vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Server Side Include (SSI) Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.3.11.

🤖 AI Analysis
How it works

The vulnerability results from improper deserialization of untrusted data (CWE-94, CWE-82), which enables injection of Server Side Include (SSI Injection) directives. An attacker with basic privileges (authenticated user) can submit crafted data that will undergo unsafe deserialization on the server side. As a result, arbitrary code execution in the server context is possible, potentially extending beyond application isolation (Scope Changed).

Impact

An attacker can gain full control over the server, including confidentiality, integrity and availability of the system being completely compromised. It is possible to execute arbitrary system commands, steal data and take over the hosting environment.

Mitigation & patch

The 'Event Tickets with Ticket Scanner' plugin should be immediately updated to a version higher than 2.3.11. Details regarding the available patch are available in the manufacturer's references and in the Patchstack database. Until the update is applied, it is recommended to deactivate the plugin.

Who is affected

WordPress plugin 'Event Tickets with Ticket Scanner' (Vollstart) in versions from n/a to 2.3.11 inclusive.

Analysis generated by Claude AI (Anthropic) based on NVD data. Always verify with vendor.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
  • Vollstart Event Tickets With Ticket Scanner

    APP
    Vollstart
    < 2.3.12
🟢
PATCH AVAILABLE
Vendor update available. Deploy in standard maintenance cycle.
Tags
Deserialization
CWE
References

Related vulnerabilities

CVE-2024-35652HIGH7.1ten sam produkt

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in S...

CVE-2025-1762MEDIUM4.3ten sam produkt

The Event Tickets with Ticket Scanner WordPress plugin before 2.5.4 does not have CSRF check in place when upd...

CVE-2024-6711LOW3.5ten sam produkt

The Event Tickets with Ticket Scanner WordPress plugin before 2.3.8 does not sanitise and escape some paramete...