Live Vulnerability Intelligence
Threat Database
Search CVEs, inspect descriptions, and open detail pages with AI-assisted technical context.
Threat Entry
Updated 2024-12-14
CVE-2024-12578 - Wordpress Event Ticketing Plugin
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.
PLUGIN
Wordpress Event Ticketing
CVE-2024-12578
Risk Score
Threat Entry
Updated 2024-11-08
CVE-2024-10263 - Wordpress Event Ticketing Plugin
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
PLUGIN
Wordpress Event Ticketing
CVE-2024-10263
Risk Score
Threat Entry
Updated 2024-11-21
CVE-2024-5860 - Wordpress Event Ticketing Plugin
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.
PLUGIN
Wordpress Event Ticketing
CVE-2024-5860
Risk Score