cleantalk
Vulnerabilities and Security Researches

Tickera – WordPress Event Ticketing, CVE-2024-12578

CVE, Research URL

CVE-2024-12578

Home page URL

Security reports for Tickera – WordPress Event Ticketing

Application

Tickera – WordPress Event Ticketing

Published on
Dec 14, 2024
Research Description
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.
Affected versions
Min -, max 3.5.4.9.
Status
vulnerable
Previous vulnerability researches
Tickera – WordPress Event Ticketing (CVE-2025-58611) , Sep 05, 2025
Tickera – WordPress Event Ticketing (CVE-2024-35729) , Jun 11, 2024
Tickera – WordPress Event Ticketing (CVE-2024-10263) , Nov 05, 2024
Tickera – WordPress Event Ticketing (CVE-2023-23726) , Jun 10, 2024
Tickera – WordPress Event Ticketing (CVE-2025-30851) , Apr 02, 2025
New vulnerability
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025
Duplicate Page and Post (CVE-2025-6189) , Sep 11, 2025