72 matches found
CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...
CVE-2024-12578
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickeraticketsinfo' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...
CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickeraticketsinfo' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...
CVE-2024-12578
CVE-2024-12578 affects the Tickera – WordPress Event Ticketing plugin for WordPress. The vulnerability is an information disclosure via the unprotected tickera_tickets_info endpoint, allowing unauthenticated access to sensitive booking data (full names, email addresses, check-in/out timestamps, a...
WordPress plugin Tickera – WordPress Event Ticketing 信息泄露漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Tickera -...
CVE-2023-23726 WordPress Tickera plugin <= 3.5.1.0 - CSRF Leading To Post Status Change vulnerability
Cross-Site Request Forgery CSRF vulnerability in Tickera Tickera tickera-event-ticketing-system allows Cross Site Request Forgery.This issue affects Tickera: from n/a through = 3.5.1.0...
WordPress plugin Tickera 跨站请求伪造漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...
CVE-2024-10263
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...
WordPress Tickera plugin <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability
Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Tickera versions = 3.5.4.4...
WordPress Tickera Plugin <= 3.5.4.4 is vulnerable to Broken Access Control
Software Tickera Type Plugin Vulnerable versions = 3.5.4.4 Fixed in 3.5.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10263 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7ffc68e88c86 Credits Arkadiusz Hydzik Required...
WordPress plugin Tickera – WordPress Event Ticketing 代码注入漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Tickera - WordPres...
CVE-2024-5860
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...
WordPress Tickera plugin <= 3.5.2.8 - Authenticated Ticket Deletion vulnerability
Authenticated Ticket Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Tickera versions = 3.5.2.8...
WordPress Tickera Plugin <= 3.5.2.8 is vulnerable to Broken Access Control
Software Tickera Type Plugin Vulnerable versions = 3.5.2.8 Fixed in 3.5.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5860 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 94f597cb32e8 Credits Lucio Sá Required privilege...
WordPress plugin Tickera security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
WordPress Tickera plugin <= 3.5.2.6 - Broken Access Control vulnerability
Broken Access Control vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin Tickera versions = 3.5.2.6...
WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability
Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions 3.5.2.5...
CVE-2023-7252
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...
CVE-2023-7252
The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...
PT-2024-15252 · WordPress · Tickera
Name of the Vulnerable Software and Affected Versions: The Tickera WordPress plugin versions prior to 3.5.2.5 Description: The issue allows users to leak other users' tickets due to a lack of proper prevention mechanisms. Recommendations: For versions prior to 3.5.2.5, update to version 3.5.2.5 o...