5 matches found
CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...
CVE-2024-10263
creationtimestamp| type| source ---|---|--- 2024-11-05 12:48:03+00:00| seen| https://infosec.exchange/users/cve/statuses/113430421998520045 2024-11-05 14:41:59+00:00| seen| https://t.me/cvedetector/9863...
CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...
CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...
WordPress Tickera Plugin <= 3.5.4.4 is vulnerable to Broken Access Control
Software Tickera Type Plugin Vulnerable versions = 3.5.4.4 Fixed in 3.5.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10263 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7ffc68e88c86 Credits Arkadiusz Hydzik Required...