Tickera Security Vulnerabilities and Issues — Tickera CVE List

Lucene search

TickeraTickera

6 matches found

CVE•added 2024/04/22 5:15 a.m.•70 views

CVE-2023-7252

The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.

5.3CVSS9.3AI score0.00357EPSS

Web

CVE•added 2023/01/16 4:15 p.m.•48 views

CVE-2022-4549

The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

4.3CVSS4.5AI score0.00131EPSS

Web

CVE•added 2024/06/10 8:15 a.m.•43 views

CVE-2024-35729

Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.

8.8CVSS6.8AI score0.00231EPSS

CVE•added 2024/06/18 4:15 a.m.•43 views

CVE-2024-5860

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level ...

4.3CVSS4.6AI score0.00122EPSS

CVE•added 2021/12/27 11:15 a.m.•42 views

CVE-2021-24797

The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

6.1CVSS6AI score0.12126EPSS

Web

CVE•added 2024/11/05 1:15 p.m.•34 views

CVE-2024-10263

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes ...

7.3CVSS7.4AI score0.02571EPSS