53 matches found
CVE-2020-10489
CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request...
CVE-2025-14034
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it...
CVE-2025-14034
The vulnerability CVE-2025-14034 affects the ilGhera Support System for WooCommerce WordPress plugin. A missing capability check in delete_single_ticket_callback and change_ticket_status_callback in all versions through 1.2.6 allows authenticated attackers with Subscriber+ privileges to delete ar...
CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion
The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'delete_single_ticket_callback' and 'change_ticket_status_callback' functions in all versions up to, and including, 1.2.6. This makes it...
PT-2026-1402
Name of the Vulnerable Software and Affected Versions: ilGhera Support System for WooCommerce plugin versions prior to 1.2.7. Description: The ilGhera Support System for WooCommerce plugin for WordPress has a flaw that allows unauthorized modification and data loss. A missing capability check in the...
WordPress ilGhera Support System for WooCommerce plugin <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion vulnerability
Missing Authorization to Authenticated Subscriber+ Arbitrary Ticket Deletion vulnerability discovered by Md. Moniruzzaman Prodhan NomanProdhan - Knight Squad in WordPress Plugin Woocommerce Support System versions <= 1.2.6...
EUVD-2025-38357
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
CVE-2025-7663
The CVE describes an unauthorized-access vulnerability in the WordPress Ovatheme Events Manager plugin, caused by missing capability checks in the /class-ovaem-ajax.php file. Affected versions are up to and including 1.8.6. The flaw allows unauthenticated attackers to perform privileged actions s...
CVE-2025-7663 Ovatheme Events Manager <= 1.8.6 - Missing Authorization
The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...
PT-2025-45554
Name of the Vulnerable Software and Affected Versions: Ovatheme Events Manager plugin for WordPress versions through 1.8.6. Description: The Ovatheme Events Manager plugin for WordPress is susceptible to unauthorized access. A missing capability check on several functions within the...
EUVD-2012-4658
Malware in sbrugna...
EUVD-2020-2942
Malware in sbrugna...
EUVD-2021-11751
Malware in sbrugna...
EUVD-2021-11755
Malware in sbrugna...
EUVD-2024-47003
Malicious code in bioql PyPI...
CVE-2025-5957
The Guest Support – Complete customer support ticket system for WordPress plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'deleteMassTickets' function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated...
CVE-2024-5860
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
CVE-2012-4733
Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...
CVE-2025-1402
The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajax_ticket_delete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access...
CVE-2025-1402
CVE-2025-1402 affects the WordPress Event Tickets and Registration plugin. A missing capability check in the ajax_ticket_delete function in all versions up to 5.19.1.1 allows authenticated attackers with Contributor+ access to delete arbitrary Attendee tickets, causing unauthorized data loss. The...