Vulnerabilities > Tickera

DATE CVE VULNERABILITY TITLE RISK
2024-11-05 CVE-2024-10263 Code Injection vulnerability in Tickera
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4.
network
low complexity
tickera CWE-94
7.3
2024-06-10 CVE-2024-35729 Missing Authorization vulnerability in Tickera
Missing Authorization vulnerability in Tickera.This issue affects Tickera: from n/a through 3.5.2.6.
network
low complexity
tickera CWE-862
8.8
2023-09-27 CVE-2023-41861 Unspecified vulnerability in Tickera Restrict
Unauth.
network
low complexity
tickera
6.1
2023-01-16 CVE-2022-4549 Unspecified vulnerability in Tickera
The Tickera WordPress plugin before 3.5.1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.
network
low complexity
tickera
4.3
2021-12-27 CVE-2021-24797 Unspecified vulnerability in Tickera
The Tickera WordPress plugin before 3.4.8.3 does not properly sanitise and escape the Name fields of booked Events before outputting them in the Orders admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins.
network
low complexity
tickera
6.1