Lucene search
+L

71 matches found

nvd
nvd
added 14 hours ago5 views

CVE-2026-13755

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS
Exploits0References5
nvd
nvd
added 14 hours ago6 views

CVE-2026-13754

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS
Exploits0References5
cve
cve
added 15 hours ago8 views

CVE-2026-13755

The Tickera – Sell Tickets & Manage Events WordPress plugin (up to version 3.6.0.0) is affected by a Stored Cross‑Site Scripting vulnerability via the price_wrapper shortcode attribute. The root cause is insufficient input sanitization and output escaping, allowing authenticated attackers with co...

6.4CVSS6.3AI score
Exploits0References5
cvelist
cvelist
added 15 hours ago15 views

CVE-2026-13755 Tickera <= 3.6.0.0 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'price_wrapper' Shortcode Attribute

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS
Exploits0References5
euvd
euvd
added 15 hours ago5 views

EUVD-2026-44894

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'pricewrapper' Shortcode Attribute in all versions up to, and including, 3.6.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

6.4CVSS6.3AI score
Exploits0References5
cve
cve
added 15 hours ago5 views

CVE-2026-13754

The affected product is the Tickera – Sell Tickets & Manage Events plugin for WordPress. Affected component: the plugin’s SQL handling exposed by the parameter s, enabling a generic SQL Injection in all versions up to and including 3.6.0.0 due to insufficient escaping of user input and inadequate...

6.5CVSS6.1AI score
Exploits0References5
euvd
euvd
added 15 hours ago5 views

EUVD-2026-44887

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to generic SQL Injection via the 's' parameter in all versions up to, and including, 3.6.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This...

6.5CVSS6.1AI score
Exploits0References5
nvd
nvd
added 2026/02/18 6:16 a.m.12 views

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

4.3CVSS0.00237EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/02/18 5:29 a.m.4 views

CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References3
cvelist
cvelist
added 2026/02/18 5:29 a.m.31 views

CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

4.3CVSS0.00237EPSS
Exploits0References3
cve
cve
added 2026/02/18 5:29 a.m.20 views

CVE-2025-12356

CVE-2025-12356 concerns Tickera – Sell Tickets & Manage Events for WordPress. The issue is an unauthorized data modification vulnerability caused by a missing capability check on the wp_ajax_change_ticket_status endpoint. It affects all versions up to and including 3.5.6.4, enabling authenticated...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/02/18 5:29 a.m.4 views

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References4
cnnvd
cnnvd
added 2026/02/18 12:0 a.m.9 views

WordPress plugin Tickera – Sell Tickets & Manage Events 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

4.3CVSS5.8AI score0.00237EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2026/02/18 12:0 a.m.14 views

PT-2026-20222

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax change ticket status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attacker...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References4
patchstack
patchstack
added 2026/02/17 11:47 p.m.7 views

WordPress Tickera - WordPress Event Ticketing plugin <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update vulnerability

WordPress Tickera - WordPress Event Ticketing plugin = 3.5.6.4 - Missing Authorization to Authenticated Subscriber+ Event/Post Status Update vulnerability discovered by Athiwat Tiprasaharn Jitlada in WordPress Plugin Tickera versions = 3.5.6.4...

4.3CVSS5.5AI score0.00237EPSS
Exploits0References1Affected Software1
patchstack
patchstack
added 2026/02/03 4:15 a.m.9 views

WordPress Tickera plugin <= 3.5.4.8 - Unauthenticated Customer Data Exposure vulnerability

Unauthenticated Customer Data Exposure vulnerability discovered by WordFence in WordPress Plugin Tickera versions = 3.5.4.8...

5.3CVSS8.3AI score0.0049EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2026/01/22 4:51 p.m.2 views

CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

6.5CVSS5.9AI score0.00333EPSS
Exploits0References1
cvelist
cvelist
added 2026/01/22 4:51 p.m.21 views

CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

6.5CVSS0.00333EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/01/22 12:0 a.m.7 views

WordPress plugin Tickera has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

6.5CVSS5.8AI score0.00333EPSS
Exploits0References1
patchstack
patchstack
added 2026/01/16 8:16 a.m.6 views

WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tickera versions = 3.5.6.2...

6.5CVSS7AI score0.00333EPSS
Exploits0Affected Software1
Rows per page
Query Builder