Get a demo
100% Signal 0% Noise Invicti Logo - The Largest Dynamic Application Security Solutions Provider In The World Get a demo
Web Application Vulnerabilities Runtime SCA Findings
Looking for the vulnerability index of Invicti's legacy products?
Invicti Enterprise Acunetix Standard & Premium
WordPress Plugin Event Tickets CSV Injection - CVE-2019-16120 - Vulnerability Database
WP Plugin Event Tickets

WordPress Plugin Event Tickets CSV Injection - CVE-2019-16120

Medium
Reference: CVE-2019-16120
NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2019-16120
Title: WordPress Plugin Event Tickets CSV Injection
Overview:

WordPress Plugin Event Tickets is prone to a vulnerability that lets remote attackers inject arbitrary formulas into CSV files. Attackers can possibly exploit this issue to execute arbitrary commands on the victims system by the use of Microsoft Excel DDE function or to leak data via maliciously injected hyperlinks. WordPress Plugin Event Tickets version 4.10.7.1 is vulnerable prior versions may also be affected.