First published: Thu Jul 18 2019(Updated: )
The CampTix Event Ticketing plugin before 1.5 for WordPress allows CSV injection when the export tool is used.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Automattic Camptix Event Ticketing | <1.5.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2016-10762 is a vulnerability in the CampTix Event Ticketing plugin for WordPress that allows CSV injection when the export tool is used.
CVE-2016-10762 affects CampTix Event Ticketing plugin version up to and exclusive of 1.5.0 by allowing CSV injection during export.
The severity of CVE-2016-10762 is high with a CVSS score of 7.5.
To fix CVE-2016-10762, update the CampTix Event Ticketing plugin to version 1.5.0 or later.
Yes, you can find more information about CVE-2016-10762 in the following references: [HackerOne report](https://hackerone.com/reports/151516) and [WordPress plugin page](https://wordpress.org/plugins/camptix/#developers).