Tickera

tickera

7 CVEs • 2 products

Products (2)

Click to collapse

Toggle

CVEs (7)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-10263 1Tickera 1Tickera Nov 8, 2024 Nov 5, 2024 N/A· v4 7.3 HIGH· v3 N/A· v2 The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action t...Show more The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.Show less
CVE-2024-5860 1Tickera 1Tickera Apr 8, 2026 Jun 18, 2024 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5....Show more The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.Show less
CVE-2024-35729 1Tickera 1Tickera Apr 23, 2026 Jun 10, 2024 N/A· v4 8.8 HIGH· v3 N/A· v2 Missing Authorization vulnerability in Tickera Tickera tickera-event-ticketing-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tickera: from n/a through <= 3.5.2.6.
CVE-2023-7252 1Tickera 1Tickera May 30, 2025 Apr 22, 2024 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.
CVE-2023-41861 1Tickera 1Restrict Nov 21, 2024 Sep 27, 2023 N/A· v4 6.1 MEDIUM· v3 N/A· v2 Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Restrict plugin <= 2.2.4 versions.
CVE-2022-4549 1Tickera 1Tickera Apr 4, 2025 Jan 16, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
CVE-2021-24797 1Tickera 1Tickera Nov 21, 2024 Dec 27, 2021 N/A· v4 6.1 MEDIUM· v3 4.3 MEDIUM· v2 The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform...Show more The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.Show less