CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...

CVE-2025-7663 Ovatheme Events Manager <= 1.8.6 - Missing Authorization

The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on several functions in the /class-ovaem-ajax.php file in all versions up to, and including, 1.8.6. This makes it possible for unauthenticated attackers to delete ticket files,...

CVE-2025-1402

The Event Tickets and Registration plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'ajaxticketdelete' function in all versions up to, and including, 5.19.1.1. This makes it possible for authenticated attackers, with Contributor-level access...

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

PT-2024-37199 · WordPress · The Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.2.8 Description: The issue is related to unauthorized loss of data due to a missing capability check on the tc dl delete tickets AJAX action. This allows...

WordPress plugin Tickera security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

CVE-2021-24843

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...

CVE-2021-24843

The SupportCandy WordPress plugin before 2.2.7 does not have CRSF check in its wpsctickets AJAX action, which could allow attackers to make a logged in admin call it and delete arbitrary tickets via the setdeletepermanentlybulkticket settingaction...

CVE-2020-10489

CSRF in admin/manage-tickets.php in Chadha PHPKB Standard Multi-Language 9 allows attackers to delete a ticket via a crafted request...

CVE-2012-4733

CVE-2012-4733 affects Request Tracker (RT) 4.x prior to 4.0.13. The issue is an improper enforcement of the DeleteTicket and “custom lifecycle transition” permissions, allowing remote authenticated users who have the ModifyTicket permission to delete tickets via unspecified vectors. The connected...

CVE-2012-4733

Request Tracker RT 4.x before 4.0.13 does not properly enforce the DeleteTicket and "custom lifecycle transition" permission, which allows remote authenticated users with the ModifyTicket permission to delete tickets via unspecified vectors...