The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete all tickets associated with events.
References
Configurations
History
05 Jul 2024, 13:52
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-863 | |
References | () https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3103413%40tickera-event-ticketing-system&new=3103413%40tickera-event-ticketing-system&sfp_email=&sfph_mail= - Product | |
References | () https://www.wordfence.com/threat-intel/vulnerabilities/id/d86aa41c-24df-49ec-b273-7bb57addddde?source=cve - Third Party Advisory | |
First Time |
Tickera tickera
Tickera |
|
CPE | cpe:2.3:a:tickera:tickera:*:*:*:*:*:wordpress:*:* |
20 Jun 2024, 12:44
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
18 Jun 2024, 04:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-06-18 04:15
Updated : 2024-07-05 13:52
NVD link : CVE-2024-5860
Mitre link : CVE-2024-5860
CVE.ORG link : CVE-2024-5860
JSON object : View
Products Affected
tickera
- tickera
CWE
CWE-863
Incorrect Authorization