Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

tickera — Vulnerabilities & Security Advisories 10

Browse all 10 CVE security advisories affecting tickera. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Tickera is a WordPress ticketing plugin for event management that has historically been vulnerable to multiple security issues, including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. The plugin has accumulated 10 CVEs to date, with several critical flaws allowing attackers to execute arbitrary code, steal sensitive data, or gain elevated access. Notable characteristics include improper input validation and insufficient access controls in its ticketing and registration functions. While no major public incidents have been widely documented, the consistent pattern of vulnerabilities across multiple versions highlights ongoing security challenges in its core functionality, particularly around user permissions and data handling.

Top products by tickera: Tickera Tickera – Sell Tickets & Manage Events Restrict – membership, site, content and user access restrictions for WordPress
CVE IDTitleCVSSSeverityPublished
CVE-2025-12356 Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update — Tickera – Sell Tickets & Manage EventsCWE-862 4.3 Medium2026-02-18
CVE-2025-67939 WordPress Tickera plugin <= 3.5.6.2 - Broken Access Control vulnerability — TickeraCWE-862 6.5 Medium2026-01-22
CVE-2025-69355 WordPress Tickera plugin <= 3.5.6.4 - Broken Access Control vulnerability — TickeraCWE-862 4.3 Medium2026-01-06
CVE-2025-58611 WordPress Tickera Plugin <= 3.5.5.6 - Cross Site Request Forgery (CSRF) Vulnerability — TickeraCWE-352 4.3 Medium2025-09-03
CVE-2025-30851 WordPress Tickera plugin <= 3.5.5.2 - Broken Access Control vulnerability — TickeraCWE-862 4.3 Medium2025-03-27
CVE-2024-12578 Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure — Tickera – Sell Tickets & Manage EventsCWE-200 5.3 Medium2024-12-14
CVE-2024-11351 Restrict – membership, site, content and user access restrictions for WordPress <= 2.2.8 - Unauthenticated Content Restriction Bypass to Sensitive Information Exposure — Restrict – membership, site, content and user access restrictions for WordPressCWE-200 5.3 Medium2024-12-11
CVE-2024-10263 Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution — Tickera – Sell Tickets & Manage EventsCWE-94 7.3 High2024-11-05
CVE-2024-5860 Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion — Tickera – Sell Tickets & Manage EventsCWE-862 4.3 Medium2024-06-18
CVE-2024-35729 WordPress Tickera plugin <= 3.5.2.6 - Broken Access Control vulnerability — TickeraCWE-862 5.3 Medium2024-06-10

This page lists every published CVE security advisory associated with tickera. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.