CVE-2026-4373

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

CVE-2026-4373 JetFormBuilder <= 3.5.6.2 - Unauthenticated Arbitrary File Read via Media Field

The JetFormBuilder plugin for WordPress is vulnerable to arbitrary file read via path traversal in all versions up to, and including, 3.5.6.2. This is due to the 'UploadedFile::setfromarray' method accepting user-supplied file paths from the Media Field preset JSON payload without validating that...

CVE-2025-67973

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.6.2...

CVE-2025-67973

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.6.2...

CVE-2025-67973

CVE-2025-67973 describes a Missing Authorization (Broken Access Control) issue in the WordPress plugin Sunshine Photo Cart, affecting Sunshine Photo Cart up to version 3.5.6.2. Public reports from Red Hat and NVD corroborate a misconfigured access control allowing unauthorized access within Sunsh...

CVE-2025-67973 WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.6.2...

CVE-2025-67973 WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through = 3.5.6.2...

PT-2026-21047

Name of the Vulnerable Software and Affected Versions Sunshine Photo Cart versions through 3.5.6.2 Description An authorization issue exists in Sunshine Photo Cart that allows exploitation of incorrectly configured access control security levels. Recommendations At the moment, there is no...

WordPress Sunshine Photo Cart plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by Legion Hunter in WordPress Plugin Sunshine Photo Cart versions = 3.5.6.2...

CVE-2025-67939

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

CVE-2025-67939

CVE-2025-67939 (Tickera WordPress Tickera plugin) is a Missing Authorization / Broken Access Control vulnerability affecting Tickera up to version 3.5.6.2. The issue arises from incorrectly configured access control security levels, allowing unauthorized access. Public records from NVD/Red Hat/CV...

CVE-2025-67939

Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through = 3.5.6.2...

WordPress plugin Tickera has a security vulnerability

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application plugin. There is a...

PT-2026-4022

Name of the Vulnerable Software and Affected Versions Tickera versions through 3.5.6.2 Description A missing authorization issue exists in Tickera tickera-event-ticketing-system, allowing exploitation of incorrectly configured access control security levels. Recommendations Update Tickera to a...

WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability

Broken Access Control vulnerability discovered by daroo in WordPress Plugin Tickera versions = 3.5.6.2...