CVE-2024-52427

9.9 CRITICAL

📋 TL;DR

This CVE describes a Server Side Include (SSI) injection vulnerability in the WordPress Event Tickets with Ticket Scanner plugin. Attackers can inject malicious template code to execute arbitrary commands on the server. All WordPress sites using vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:
  • WordPress Event Tickets with Ticket Scanner plugin
Versions: n/a through 2.3.11
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: All WordPress installations with vulnerable plugin versions are affected regardless of configuration.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete server compromise, data theft, malware deployment, and website defacement.

🟠 Likely Case: Unauthenticated attackers executing arbitrary commands to gain shell access, install backdoors, or pivot to other systems.

🟢 If Mitigated: Attack attempts are logged and blocked by web application firewalls, with minimal impact due to isolation controls.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Public exploit details available on Patchstack; trivial exploitation for attackers with basic web security knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.3.12 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/event-tickets-with-ticket-scanner/wordpress-event-tickets-with-ticket-scanner-plugin-2-3-11-remote-code-execution-rce-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Event Tickets with Ticket Scanner'.
4. Click 'Update Now' if available.
5. Alternatively, download the latest version from the WordPress repository and update manually.

🔧 Temporary Workarounds

Temporary Plugin Deactivation (applies to: all)

Disable the vulnerable plugin until patched:

wp plugin deactivate event-tickets-with-ticket-scanner

Web Application Firewall Rule (applies to: all)

Block SSI injection patterns at the WAF layer:

Add a rule to block requests containing '<!--#exec' or template engine injection patterns

🧯 If You Can't Patch

  • Remove the plugin entirely and use alternative ticketing solutions
  • Implement strict network segmentation to isolate WordPress instance

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin → Plugins → Event Tickets with Ticket Scanner version

Check Version:

wp plugin get event-tickets-with-ticket-scanner --field=version

Verify Fix Applied:

Confirm plugin version is 2.3.12 or higher in WordPress admin

📡 Detection & Monitoring

Log Indicators:

  • Unusual POST requests to plugin endpoints
  • Web server logs showing SSI execution attempts
  • WordPress debug logs with template engine errors

Network Indicators:

  • HTTP requests containing template injection payloads
  • Outbound connections from web server to unknown IPs

SIEM Query:

source="wordpress.log" AND "event-tickets-with-ticket-scanner" AND ("exec" OR "include" OR "template")
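The version check under "How to Verify" and the log indicators above can be automated. The following script is an added example, not part of this advisory or of the plugin; it compares an installed version string against the fixed release 2.3.12 named on the page, and scans constructed Combined Log Format lines for requests to the plugin path that carry an SSI directive such as the '<!--#exec' pattern the WAF rule mentions. The request paths, IP addresses and the `PLACEHOLDER` argument in the sample lines are invented for illustration; the plugin has no documented endpoint implied by them. Requests are percent-decoded before matching so that URL-encoded directives are not missed.

```python
import re
from urllib.parse import unquote

# Version at which the vendor advisory says the issue is fixed (from the page).
FIXED_VERSION = "2.3.12"
# Plugin slug as used in the wp-cli commands on the page.
PLUGIN_SLUG = "event-tickets-with-ticket-scanner"


def parse_version(text: str) -> tuple:
    """Turn '2.3.11' into (2, 3, 11) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.strip().split("."))


def is_vulnerable(installed: str) -> bool:
    """True when the installed plugin version is older than the fixed release."""
    return parse_version(installed) < parse_version(FIXED_VERSION)


# Matches SSI directive openers such as <!--#exec, tolerating stray whitespace.
SSI_PATTERN = re.compile(r"<!--\s*#\s*(exec|include|echo|cmd)\b", re.IGNORECASE)

# Combined Log Format: client ident user [time] "METHOD path PROTO" status size
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)


def decode_path(path: str) -> str:
    """Percent-decode twice so single- and double-encoded requests both become readable."""
    return unquote(unquote(path))


def scan_access_log(lines):
    """Return one alert dict per request that targets the plugin and carries an SSI directive."""
    alerts = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip malformed or non-access-log lines
        decoded = decode_path(m.group("path"))
        if PLUGIN_SLUG in decoded and SSI_PATTERN.search(decoded):
            alerts.append({
                "client": m.group("client"),
                "time": m.group("time"),
                "method": m.group("method"),
                "path": decoded,
                "status": m.group("status"),
            })
    return alerts


# Constructed sample log lines (not real traffic); paths and addresses are illustrative.
SAMPLE_LOG = """\
203.0.113.10 - - [10/Nov/2024:10:00:01 +0000] "GET /wp-content/plugins/event-tickets-with-ticket-scanner/readme.txt HTTP/1.1" 200 512
203.0.113.11 - - [10/Nov/2024:10:00:02 +0000] "POST /wp-content/plugins/event-tickets-with-ticket-scanner/?t=%3C%21--%23exec%20cmd%3D%22PLACEHOLDER%22--%3E HTTP/1.1" 200 231
203.0.113.12 - - [10/Nov/2024:10:00:03 +0000] "GET /wp-login.php HTTP/1.1" 200 1024
"""


if __name__ == "__main__":
    for version in ("2.3.11", "2.3.12"):
        state = "VULNERABLE" if is_vulnerable(version) else "fixed"
        print(f"plugin version {version}: {state}")
    for alert in scan_access_log(SAMPLE_LOG.splitlines()):
        print(f"ALERT {alert['client']} {alert['method']} {alert['path']} -> {alert['status']}")
```

Feed `is_vulnerable` the output of `wp plugin get event-tickets-with-ticket-scanner --field=version`, and point `scan_access_log` at the real web server access log. A 200 status on a flagged request is worth a closer look than a 403, since the latter usually means the WAF rule already blocked it.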

🔗 References