🔎 Have you found a vulnerability in a WordPress plugin or theme? Report vulnerabilities in WordPress plugins and themes through our bug bounty program and earn a bounty on all in-scope submissions, while we handle the responsible disclosure process on your behalf.

Tickera – WordPress Event Ticketing

Wordfence Intelligence > Vulnerability Database > WordPress Plugins > Tickera – WordPress Event Ticketing

Information

Software Type	Plugin
Software Slug	tickera-event-ticketing-system (view on wordpress.org)
Software Status	Removed
Software Author	tickera
Software Website	tickera.com
Software Downloads	286,189
Software Active Installs	4,000
Software Record Last Updated	July 26, 2024

7 Vulnerabilities

Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

4.3

CVE-2024-5860

Jun 17, 2024

Researcher: Lucio Sá

Tickera <= 3.5.2.6 - Missing Authorization

4.3

CVE-2024-35729

Jun 6, 2024

Researcher: Manab Jyoti Dowarah

Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure

5.3

CVE-2023-7252

Apr 1, 2024

Researcher: Martin Thirup Christensen

Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change

4.3

CVE-2023-23726

Feb 14, 2023

Researcher: István Márton

Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes

4.3

CVE-2022-4549

Dec 23, 2022

Researcher: rezaduty

Freemius SDK <= 2.4.2 - Missing Authorization Checks

6.3

CVE ID Unknown

Mar 4, 2022

Researchers:

Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting

7.2

CVE-2021-24797

Nov 23, 2021

Researcher: Ajit Bhatta

Title	Status	CVE ID	CVSS	Researchers	Date
Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion	Patched	CVE-2024-5860	4.3	Lucio Sá	June 17, 2024
Tickera <= 3.5.2.6 - Missing Authorization	Patched	CVE-2024-35729	4.3	Manab Jyoti Dowarah	June 6, 2024
Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure	Patched	CVE-2023-7252	5.3	Martin Thirup Christensen	April 1, 2024
Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change	Patched	CVE-2023-23726	4.3	István Márton	February 14, 2023
Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes	Patched	CVE-2022-4549	4.3	rezaduty	December 23, 2022
Freemius SDK <= 2.4.2 - Missing Authorization Checks	Patched		6.3		March 4, 2022
Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting	Patched	CVE-2021-24797	7.2	Ajit Bhatta	November 23, 2021

Did you know Wordfence Intelligence provides free personal and commercial API access to our comprehensive WordPress vulnerability database, along with a free webhook integration to stay on top of the latest vulnerabilities added and updated in the database? Get started today!

Learn more

Want to get notified of the latest vulnerabilities that may affect your WordPress site?
Install Wordfence on your site today to get notified immediately if your site is affected by a vulnerability that has been added to our database.

Get Wordfence

The Wordfence Intelligence WordPress vulnerability database is completely free to access and query via API. Please review the documentation on how to access and consume the vulnerability data via API.

Documentation