3 matches found
CVE-2023-7252
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...
CVE-2023-7252
CVE-2023-7252 affects the Tickera WordPress Event Ticketing plugin (before 3.5.2.5). Multiple sources confirm an Insecure Direct Object Reference (IDOR) condition that permits leakage of other users’ tickets due to insufficient access controls. The issue is tracked in public CVE records with the ...
WordPress Tickera Plugin < 3.5.2.5 is vulnerable to Insecure Direct Object References (IDOR)
Software Tickera Type Plugin Vulnerable versions 3.5.2.5 Fixed in 3.5.2.5 OWASP Top 10 A4: Insecure Design Classification Insecure Direct Object References IDOR CVE CVE-2023-7252 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID 18b5f01f3b4e Credits Martin Thirup Christensen...