The Event Tickets plugin for WordPress has a security issue that allows hackers to inject harmful code onto a website. This can happen if someone clicks on a malicious link, even if they are not logged in. This vulnerability is present in versions up to and including 5.20.0.