CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356

CVE-2025-12356 concerns Tickera – Sell Tickets & Manage Events for WordPress. The issue is an unauthorized data modification vulnerability caused by a missing capability check on the wp_ajax_change_ticket_status endpoint. It affects all versions up to and including 3.5.6.4, enabling authenticated...

WordPress plugin Tickera – Sell Tickets & Manage Events 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-20222

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax change ticket status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attacker...

WordPress Tickera - WordPress Event Ticketing plugin <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update vulnerability

WordPress Tickera - WordPress Event Ticketing plugin = 3.5.6.4 - Missing Authorization to Authenticated Subscriber+ Event/Post Status Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tickera versions = 3.5.6.4...

WordPress Tickera plugin <= 3.5.4.8 - Unauthenticated Customer Data Exposure vulnerability

Unauthenticated Customer Data Exposure vulnerability discovered by WordFence in WordPress Plugin Tickera versions = 3.5.4.8...

CVE-2025-67939

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939

CVE-2025-67939 (Tickera WordPress Tickera plugin) is a Missing Authorization / Broken Access Control vulnerability affecting Tickera up to version 3.5.6.2. The issue arises from incorrectly configured access control security levels, allowing unauthorized access. Public records from NVD/Red Hat/CV...

WordPress plugin Tickera has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

PT-2026-4022

Name of the Vulnerable Software and Affected Versions Tickera versions through 3.5.6.2 Description A missing authorization issue exists in Tickera tickera-event-ticketing-system, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Tickera to a...

WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tickera versions = 3.5.6.2...

WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Nabil Irawan in WordPress Plugin Tickera versions = 3.5.6.4...