CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

CVE-2025-12356

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wpajaxchangeticketstatus' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers,...

WordPress plugin Tickera – Sell Tickets & Manage Events 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

PT-2026-20222

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp ajax change ticket status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attacker...

CVE-2025-14034

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...

CVE-2025-14034

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...

CVE-2025-14034 ilGhera Support System for WooCommerce <= 1.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Ticket Deletion

The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'deletesingleticketcallback' and 'changeticketstatuscallback' functions in all versions up to, and including, 1.2.6. This makes it...

CVE-2025-14034

The vulnerability CVE-2025-14034 affects the ilGhera Support System for WooCommerce WordPress plugin. A missing capability check in delete_single_ticket_callback and change_ticket_status_callback in all versions through 1.2.6 allows authenticated attackers with Subscriber+ privileges to delete ar...

PT-2026-1402

Name of the Vulnerable Software and Affected Versions ilGhera Support System for WooCommerce plugin versions prior to 1.2.7 Description The ilGhera Support System for WooCommerce plugin for WordPress has a flaw that allows unauthorized modification and data loss. A missing capability check in the...

EUVD-2024-40288

Malicious code in bioql PyPI...

CampCodes Online Food Ordering System 注入漏洞

CampCodes Online Food Ordering System is an online food ordering system from CampCodes, Inc. An injection vulnerability exists in version 1.0 of the CampCodes Online Food Ordering System, which originates from an SQL injection caused by the operation of the ticketid parameter in the file...

SUSE CVE-2024-43446

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446 Improper check of permissions in Generic Interface

An improper privilege management vulnerability in OTRS Generic Interface module allows change of the Ticket status even if the user only has ro permissions. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023.X OTRS 2024.X OTRS Community Edition: 6.0.x Products based on the OTRS Community Edition...

CVE-2024-43446

CVE-2024-43446 affects OTRS: improper privilege management in the Generic Interface module allows users with read-only privileges to change ticket status. Impacted: OTRS 7.0.x, 8.0.x, 2023.x, 2024.x and ((OTRS)) Community Edition 6.0.x (and products built on it). Root cause: insufficient access c...

PT-2025-2648 · Otrs · Otrs

Name of the Vulnerable Software and Affected Versions: OTRS versions 6.0.x through 8.0.x OTRS versions 2023.x through 2024.x Description: An improper privilege management issue in the OTRS Generic Interface module allows users with read-only permissions to change the ticket status. This issue may...

OTRS 安全漏洞

OTRS is a service management solution from the German company OTRS. A security vulnerability exists in OTRS that stems from a rights management vulnerability in the OTRS Common Interface Module that allows the Ticket status to be changed even if the user only has ro privileges...

CVE-2024-8416

A vulnerability was found in SourceCodester Food Ordering Management System 1.0. It has been classified as critical. This affects an unknown part of the file /routers/ticket-status.php. The manipulation of the argument ticketid leads to sql injection. It is possible to initiate the attack remotel...

PT-2024-38998 · Sourcecodester · Sourcecodester Food Ordering Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester Food Ordering Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /routers/ticket-status.php. The manipulation of the ticket id argument leads to SQL...