Lucene search
+L

72 matches found

RedhatCVE
RedhatCVE
added 2025/02/05 4:56 a.m.11 views

CVE-2024-10263

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...

7.3CVSS7.6AI score0.00492EPSS
Exploits0References1
NVD
NVD
added 2024/12/14 5:15 a.m.12 views

CVE-2024-12578

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickeraticketsinfo' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...

5.3CVSS0.0049EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/12/14 4:23 a.m.17 views

CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickeraticketsinfo' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, ema...

5.3CVSS0.0049EPSS
Exploits0References2
CVE
CVE
added 2024/12/14 4:23 a.m.43 views

CVE-2024-12578

CVE-2024-12578 affects the Tickera – WordPress Event Ticketing plugin for WordPress. The vulnerability is an information disclosure via the unprotected tickera_tickets_info endpoint, allowing unauthenticated access to sensitive booking data (full names, email addresses, check-in/out timestamps, a...

5.3CVSS5.2AI score0.0049EPSS
Exploits0References2
CNNVD
CNNVD
added 2024/12/14 12:0 a.m.4 views

WordPress plugin Tickera – WordPress Event Ticketing 信息泄露漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plug-in. WordPress plugin Tickera -...

5.3CVSS8.2AI score0.0049EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/12/09 11:31 a.m.6 views

CVE-2023-23726 WordPress Tickera plugin <= 3.5.1.0 - CSRF Leading To Post Status Change vulnerability

Cross-Site Request Forgery CSRF vulnerability in Tickera Tickera tickera-event-ticketing-system allows Cross Site Request Forgery.This issue affects Tickera: from n/a through = 3.5.1.0...

5.4CVSS7.3AI score0.00264EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/09 12:0 a.m.3 views

WordPress plugin Tickera 跨站请求伪造漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A cross-site reques...

5.4CVSS8.7AI score0.00264EPSS
Exploits0References1
OSV
OSV
added 2024/11/05 1:15 p.m.3 views

CVE-2024-10263

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running doshortcode. This makes...

7.3CVSS6.1AI score0.00492EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/11/05 3:51 a.m.8 views

WordPress Tickera plugin <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution vulnerability

Unauthenticated Arbitrary Shortcode Execution vulnerability discovered by Arkadiusz Hydzik in WordPress Plugin Tickera versions = 3.5.4.4...

7.3CVSS7.1AI score0.00492EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/11/05 12:0 a.m.15 views

WordPress Tickera Plugin <= 3.5.4.4 is vulnerable to Broken Access Control

Software Tickera Type Plugin Vulnerable versions = 3.5.4.4 Fixed in 3.5.4.6 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-10263 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID 7ffc68e88c86 Credits Arkadiusz Hydzik Required...

7.3CVSS6.5AI score0.00492EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/11/05 12:0 a.m.7 views

WordPress plugin Tickera – WordPress Event Ticketing 代码注入漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL.WordPress plugin is an application plugin. WordPress plugin Tickera - WordPres...

7.3CVSS8.9AI score0.00492EPSS
Exploits0References2
OSV
OSV
added 2024/06/18 4:15 a.m.5 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tcdldeletetickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level...

4.3CVSS5.8AI score0.0028EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/17 5:30 p.m.7 views

WordPress Tickera plugin <= 3.5.2.8 - Authenticated Ticket Deletion vulnerability

Authenticated Ticket Deletion vulnerability discovered by Lucio Sá in WordPress Plugin Tickera versions = 3.5.2.8...

4.3CVSS7AI score0.0028EPSS
Exploits0References1Affected Software1
Patchstack
Patchstack
added 2024/06/17 12:0 a.m.9 views

WordPress Tickera Plugin <= 3.5.2.8 is vulnerable to Broken Access Control

Software Tickera Type Plugin Vulnerable versions = 3.5.2.8 Fixed in 3.5.2.9 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-5860 Patch priority Low CVSS severity Low 5.4 Developer Claim ownership PSID 94f597cb32e8 Credits Lucio Sá Required privilege...

4.3CVSS6.6AI score0.0028EPSS
Exploits0References3Affected Software1
CNNVD
CNNVD
added 2024/06/10 12:0 a.m.5 views

WordPress plugin Tickera security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...

8.8CVSS6.7AI score0.00336EPSS
Exploits0References2
Patchstack
Patchstack
added 2024/06/06 1:18 p.m.7 views

WordPress Tickera plugin <= 3.5.2.6 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Manab Jyoti Dowarah in WordPress Plugin Tickera versions = 3.5.2.6...

8.8CVSS7AI score0.00336EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 2024/04/22 6:47 a.m.9 views

WordPress Tickera plugin < 3.5.2.5 - Ticket leakage through IDOR vulnerability

Ticket leakage through IDOR vulnerability discovered by Martin Thirup Christensen in WordPress Plugin Tickera versions 3.5.2.5...

5.3CVSS7AI score0.00515EPSS
Exploits2References1Affected Software1
NVD
NVD
added 2024/04/22 5:15 a.m.20 views

CVE-2023-7252

The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...

5.3CVSS6.5AI score0.00515EPSS
Exploits2References1
OSV
OSV
added 2024/04/22 5:15 a.m.6 views

CVE-2023-7252

The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets...

5.3CVSS5.8AI score0.00515EPSS
Exploits2References1
Positive Technologies
Positive Technologies
added 2024/04/22 12:0 a.m.8 views

PT-2024-15252 · WordPress · Tickera

Name of the Vulnerable Software and Affected Versions: The Tickera WordPress plugin versions prior to 3.5.2.5 Description: The issue allows users to leak other users' tickets due to a lack of proper prevention mechanisms. Recommendations: For versions prior to 3.5.2.5, update to version 3.5.2.5 o...

5.3CVSS9.4AI score0.00515EPSS
Exploits2References4
Rows per page
Query Builder