The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.
Metrics
Affected Vendors & Products
References
History
Mon, 16 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Sat, 14 Dec 2024 04:45:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more. | |
Title | Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure | |
Weaknesses | CWE-200 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: Wordfence
Published: 2024-12-14T04:23:39.780Z
Updated: 2024-12-16T16:41:10.760Z
Reserved: 2024-12-12T15:53:45.659Z
Link: CVE-2024-12578
Vulnrichment
Updated: 2024-12-16T15:59:31.931Z
NVD
Status : Received
Published: 2024-12-14T05:15:12.000
Modified: 2024-12-14T05:15:12.000
Link: CVE-2024-12578
Redhat
No data.