Cyber Posture

CVE-2025-68015

CriticalRCE

Published: 22 January 2026

Published
22 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score 9.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
EPSS Score 0.0007 21.7th percentile
Risk Priority 18 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2025-68015 is a critical-severity Code Injection (CWE-94) vulnerability. Its CVSS base score is 9.0 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 21.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 RA-5 (Vulnerability Monitoring and Scanning) and SI-10 (Information Input Validation).

Threat & Defense at a Glance

What attackers do: exploitation maps to Exploit Public-Facing Application (T1190). What defenders deploy: see the NIST 800-53 controls recommended below.
Threat & Defense Details

Mitigating Controls (NIST 800-53 r5)AI

SI-2 Flaw Remediation good match
prevent

Requires timely identification, reporting, and correction of software flaws like this code injection vulnerability in the WordPress plugin, directly preventing exploitation through patching.

SI-10 Information Input Validation good match
prevent

Enforces validation and sanitization of information inputs to the system, directly countering code injection attacks by rejecting malformed or malicious inputs targeting the plugin.

RA-5 Vulnerability Monitoring and Scanning good match
preventdetect

Mandates vulnerability scanning and monitoring to identify the specific code injection flaw in the plugin, enabling proactive remediation before attacker exploitation.

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
attack.mitre.org →
Why these techniques?

Direct RCE via unauthenticated code injection in public-facing WordPress plugin maps to exploitation of public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

NVD Description

Improper Control of Generation of Code ('Code Injection') vulnerability in Vollstart Event Tickets with Ticket Scanner event-tickets-with-ticket-scanner allows Code Injection.This issue affects Event Tickets with Ticket Scanner: from n/a through <= 2.8.5.

Deeper analysisAI

CVE-2025-68015 is an Improper Control of Generation of Code ('Code Injection') vulnerability, classified under CWE-94, in the WordPress plugin Event Tickets with Ticket Scanner by Vollstart. This issue affects all versions of the plugin from n/a through 2.8.5. The vulnerability carries a CVSS v3.1 base score of 9.0 (AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H), indicating critical severity due to its potential for severe impact.

The vulnerability enables remote code execution via code injection. Unauthenticated attackers (PR:N) can exploit it over the network (AV:N) without user interaction (UI:N), though it requires high attack complexity (AC:H). Successful exploitation grants high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H) with a changed scope (S:C), allowing attackers to execute arbitrary code on the affected WordPress site.

Patchstack provides details on the vulnerability, describing it as a remote code execution issue in versions up to 2.8.5, in their advisory at https://patchstack.com/database/Wordpress/Plugin/event-tickets-with-ticket-scanner/vulnerability/wordpress-event-tickets-with-ticket-scanner-plugin-2-7-10-remote-code-execution-rce-vulnerability?_s_id=cve.

Details

CWE(s)
CWE-94

CVEs Like This One

CVE-2025-23209Shared CWE-94
CVE-2026-39440Shared CWE-94
CVE-2026-3300Shared CWE-94
CVE-2025-6389Shared CWE-94
CVE-2025-8723Shared CWE-94
CVE-2025-34277Shared CWE-94
CVE-2025-57141Shared CWE-94
CVE-2024-48818Shared CWE-94
CVE-2025-10679Shared CWE-94
CVE-2025-9321Shared CWE-94

References