Vulnerabilities and security research for tickera-event-ticketing-system
Jun 06, 2024
Tickera – WordPress Event Ticketing # CVE-2023-7252
- CVE, Research URL
- Application
- Date
- Apr 22, 2024
- Research Description
- The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Tickera – WordPress Event Ticketing # CVE-2021-24797
- CVE, Research URL
- Application
- Date
- Dec 27, 2021
- Research Description
- The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Tickera – WordPress Event Ticketing # CVE-2022-4549
- CVE, Research URL
- Application
- Date
- Jan 16, 2023
- Research Description
- The Tickera WordPress plugin before 3.5.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 10, 2024
Tickera – WordPress Event Ticketing # CVE-2023-23726
- CVE, Research URL
- Application
- Date
- Dec 09, 2024
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Tickera.com Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.1.0.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 11, 2024
Tickera – WordPress Event Ticketing # CVE-2024-35729
- CVE, Research URL
- Application
- Date
- Jun 10, 2024
- Research Description
- Missing Authorization vulnerability in Tickera. This issue affects Tickera: from n/a through 3.5.2.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Jun 19, 2024
Tickera – WordPress Event Ticketing # CVE-2024-5860
- CVE, Research URL
- Application
- Date
- Jun 18, 2024
- Research Description
- The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Nov 05, 2024
Tickera – WordPress Event Ticketing # CVE-2024-10263
- CVE, Research URL
- Application
- Date
- Nov 05, 2024
- Research Description
- The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Dec 15, 2024
Tickera – WordPress Event Ticketing # CVE-2024-12578
- CVE, Research URL
- Application
- Date
- Dec 14, 2024
- Research Description
- The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Apr 02, 2025
Tickera – WordPress Event Ticketing # CVE-2025-30851
- CVE, Research URL
- Application
- Date
- Mar 27, 2025
- Research Description
- Missing Authorization vulnerability in Tickera Tickera allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Tickera: from n/a through 3.5.5.2.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
May 06, 2025
Tickera – WordPress Event Ticketing # CVE-2022-4974
- CVE, Research URL
- Application
- Date
- Oct 16, 2024
- Research Description
- The Freemius SDK, as used by hundreds of WordPress plugin and theme developers, was vulnerable to Cross-Site Request Forgery and Information disclosure due to missing capability checks and nonce protection on the _get_debug_log, _get_db_option, and the _set_db_option functions in versions up to, and including 2.4.2. Any WordPress plugin or theme running a version of Freemius less than 2.4.3 is vulnerable.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable
Sep 05, 2025
Tickera – WordPress Event Ticketing # CVE-2025-58611
- CVE, Research URL
- Application
- Date
- Sep 03, 2025
- Research Description
- Cross-Site Request Forgery (CSRF) vulnerability in Tickera Tickera allows Cross Site Request Forgery. This issue affects Tickera: from n/a through 3.5.5.6.
- Affected versions
-
Min -, max -.
- Status
-
vulnerable