VYPR

Tickera

by WordPress

CVEs (6)

  • CVE-2021-24797 | Med | Dec 27, 2021
    risk 0.40 | cvss 6.1 | epss 0.01

    The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.

  • CVE-2024-5860 | Med | Jun 18, 2024
    risk 0.28 | cvss 4.3 | epss 0.00

    The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers,…

  • CVE-2022-4549 | Med | Jan 16, 2023
    risk 0.28 | cvss 4.3 | epss 0.00

    The Tickera WordPress plugin before 3.5.1.0 does not have a CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

  • CVE-2025-12356 | Med | Feb 18, 2026
    risk 0.21 | cvss 4.3 | epss 0.00

    The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for…

  • CVE-2024-10263 | Nov 5, 2024
    risk 0.00 | cvss | epss 0.00

    The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running…

  • CVE-2023-7252 | Apr 22, 2024
    risk 0.00 | cvss | epss 0.01

    The Tickera WordPress plugin before 3.5.2.5 does not prevent users from leaking other users' tickets.