cleantalk
Vulnerabilities and Security Researches

Tickera – WordPress Event Ticketing, CVE-2024-5860

CVE, Research URL

CVE-2024-5860

Home page URL

Security reports for Tickera – WordPress Event Ticketing

Application

Tickera – WordPress Event Ticketing

Published on
Jun 18, 2024
Research Description
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.
Affected versions
Min -, max 3.5.2.9.
Status
vulnerable
Previous vulnerability researches
Tickera – WordPress Event Ticketing (CVE-2025-58611) , Sep 05, 2025
Tickera – WordPress Event Ticketing (CVE-2024-35729) , Jun 11, 2024
Tickera – WordPress Event Ticketing (CVE-2024-10263) , Nov 05, 2024
Tickera – WordPress Event Ticketing (CVE-2023-23726) , Jun 10, 2024
Tickera – WordPress Event Ticketing (CVE-2025-30851) , Apr 02, 2025
New vulnerability
PDF Embedder , Sep 11, 2025
Pixeline's Email Protector (CVE-2025-58982) , Sep 11, 2025
Include Me (CVE-2025-58983) , Sep 11, 2025
PagSeguro / PagBank Connect (CVE-2025-10142) , Sep 11, 2025
Duplicate Page and Post (CVE-2025-6189) , Sep 11, 2025