Which Tickera – Sell Tickets & Manage Events CVEs are tracked?

Tickera – Sell Tickets & Manage Events tracked CVEs include CVE-2024-10263, CVE-2021-24797, CVE-2024-12578, CVE-2023-7252, and CVE-2025-12356.

How many Tickera – Sell Tickets & Manage Events vulnerabilities have patch guidance?

13 of 13 tracked Tickera – Sell Tickets & Manage Events records include a published patch path.

Where should operators start on this Plugin hub?

Start with the priority CVE quick links, then open the full report for affected versions, remediation notes, CVSS vectors, and source references.

Plugin Vulnerability Hub

Plugin 13 known issues Latest disclosed Feb 17, 2026

Tickera – Sell Tickets & Manage Events Vulnerabilities

Review known vulnerability records for the WordPress plugin Tickera – Sell Tickets & Manage Events (`tickera-event-ticketing-system`), including severity, CVE references, affected versions, and patch status.

Recent tracked CVEs on this page include CVE-2025-12356, CVE-2025-67939 and CVE-2025-69355, so operators can jump from disclosure to patch validation without scanning the full feed first.

View on WordPress.org Back to Feed

Known Records

High or Critical

Patch Coverage

100%

Last Updated

Feb 18, 2026

Priority CVE Quick Links

Fast paths into Tickera – Sell Tickets & Manage Events CVE reports

Start with the highest-signal CVE records for this WordPress plugin before scanning the full vulnerability feed.

Indexed CVEs

CVE-2024-10263 High 3.5.4.6

CVE-2024-10263 Tickera – Sell Tickets & Manage Events Vulnerability

Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution

CVE-2021-24797 High 3.4.8.3

CVE-2021-24797 Tickera – Sell Tickets & Manage Events Stored Cross-Site Scripting

Tickera <= 3.4.8.2 - Unauthenticated Stored Cross-Site Scripting

CVE-2024-12578 Medium 3.5.4.9

CVE-2024-12578 Tickera – Sell Tickets & Manage Events Vulnerability

Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure

CVE-2023-7252 Medium 3.5.2.5

CVE-2023-7252 Tickera – Sell Tickets & Manage Events Authorization Bypass

Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure

CVE-2025-12356 Medium 3.5.6.5

CVE-2025-12356 Tickera – Sell Tickets & Manage Events Vulnerability

Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

CVE-2025-67939 Medium 3.5.6.3

CVE-2025-67939 Tickera – Sell Tickets & Manage Events Vulnerability

Tickera <= 3.5.6.2 - Missing Authorization

CVE-2025-69355 Medium 3.5.6.5

CVE-2025-69355 Tickera – Sell Tickets & Manage Events Vulnerability

Tickera <= 3.5.6.4 - Missing Authorization

CVE-2025-58611 Medium 3.5.5.8

CVE-2025-58611 Tickera – Sell Tickets & Manage Events Cross-Site Request Forgery

Tickera <= 3.5.5.6 - Cross-Site Request Forgery

Coverage Snapshot

What this page helps you verify fast

This hub clusters every indexed record for Tickera – Sell Tickets & Manage Events so operators can confirm whether a disclosed issue maps to the installed slug, version range, and patch path.

Patch Visibility

13 records include a published patch path, leaving 0 with no listed safe release yet.

Severity Mix

0 critical and 2 high severity findings.

Recent CVEs

CVE-2025-12356, CVE-2025-67939 and CVE-2025-69355

Reference Workflow

Jump from the hub into the full report when you need remediation notes, exploit context, CVSS vectors, or source references.

Triage First

Open the records most likely to drive action

These recent records surface the CVE strings, patch cues, and direct report links most operators need first.

CVE-2025-12356 Medium Patch path listed

CVE-2025-12356: Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJA...

Published

Feb 17, 2026

Patch Status

3.5.6.5

Open CVE-2025-12356 Report

CVE-2025-67939 Medium Patch path listed

CVE-2025-67939: Tickera <= 3.5.6.2 - Missing Authorization

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5...

Published

Jan 16, 2026

Patch Status

3.5.6.3

Open CVE-2025-67939 Report

CVE-2025-69355 Medium Patch path listed

CVE-2025-69355: Tickera <= 3.5.6.4 - Missing Authorization

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5...

Published

Jan 09, 2026

Patch Status

3.5.6.5

Open CVE-2025-69355 Report

Known Vulnerabilities

Reports for Tickera – Sell Tickets & Manage Events

Sorted by latest disclosure date so newly published issues surface first.

Plugin Medium Patched: Yes CVE-2025-12356

CVE-2025-12356: Tickera – WordPress Event Ticketing <= 3.5.6.4 - Missing Authorization to Authenticated (Subscriber+) Event/Post Status Update

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wp_ajax_change_ticket_status' AJAX endpoint in all versions up to, and including, 3.5.6.4. This makes it possible for authe...

Published

Feb 17, 2026

Patched Release

3.5.6.5

Affected Versions

Versions up to 3.5.6.4

Next Step

Update to 3.5.6.5 or newer if supported.

Open CVE-2025-12356 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-67939

CVE-2025-67939: Tickera <= 3.5.6.2 - Missing Authorization

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and...

Published

Jan 16, 2026

Patched Release

3.5.6.3

Affected Versions

Versions up to 3.5.6.2

Next Step

Update to 3.5.6.3 or newer if supported.

Open CVE-2025-67939 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-69355

CVE-2025-69355: Tickera <= 3.5.6.4 - Missing Authorization

The Tickera – Sell Tickets & Manage Events plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.6.4. This makes it possible for authenticated attackers, with Subscriber-level access and...

Published

Jan 09, 2026

Patched Release

3.5.6.5

Affected Versions

Versions up to 3.5.6.4

Next Step

Update to 3.5.6.5 or newer if supported.

Open CVE-2025-69355 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-58611

CVE-2025-58611: Tickera <= 3.5.5.6 - Cross-Site Request Forgery

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.5.5.6. This is due to missing or incorrect nonce validation on a function. This makes it possible for unauthenticated attackers to perf...

Published

Sep 03, 2025

Patched Release

3.5.5.8

Affected Versions

Versions up to 3.5.5.6

Next Step

Update to 3.5.5.8 or newer if supported.

Open CVE-2025-58611 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2025-30851

CVE-2025-30851: Tickera <= 3.5.5.2 - Missing Authorization

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on a function in all versions up to, and including, 3.5.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and ab...

Published

Mar 27, 2025

Patched Release

3.5.5.3

Affected Versions

Versions up to 3.5.5.2

Next Step

Update to 3.5.5.3 or newer if supported.

Open CVE-2025-30851 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-12578

CVE-2024-12578: Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings l...

Published

Dec 13, 2024

Patched Release

3.5.4.9

Affected Versions

Versions up to 3.5.4.8

Next Step

Update to 3.5.4.9 or newer if supported.

Open CVE-2024-12578 Report Open CVE Reference

Plugin High Patched: Yes CVE-2024-10263

CVE-2024-10263: Tickera – WordPress Event Ticketing <= 3.5.4.4 - Unauthenticated Arbitrary Shortcode Execution

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_sho...

Published

Nov 04, 2024

Patched Release

3.5.4.6

Affected Versions

Versions up to 3.5.4.4

Next Step

Update to 3.5.4.6 or newer if supported.

Open CVE-2024-10263 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-5860

CVE-2024-5860: Tickera <= 3.5.2.8 - Missing Authorization to Authenticated (Susbcriber+) Ticket Deletion

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. This makes it possible for authenticated attackers, wit...

Published

Jun 17, 2024

Patched Release

3.5.2.9

Affected Versions

Versions up to 3.5.2.8

Next Step

Update to 3.5.2.9 or newer if supported.

Open CVE-2024-5860 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2024-35729

CVE-2024-35729: Tickera <= 3.5.2.6 - Missing Authorization

The Tickera plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the generate_ticket_preview() function in versions up to, and including, 3.5.2.6. This makes it possible for authenticated attackers, with contributor-level access a...

Published

Jun 06, 2024

Patched Release

3.5.2.7

Affected Versions

Versions up to 3.5.2.6

Next Step

Update to 3.5.2.7 or newer if supported.

Open CVE-2024-35729 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-7252

CVE-2023-7252: Tickera – WordPress Event Ticketing <= 3.5.2.4 - Insecure Direct Object Reference to Information Exposure

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.5.2.4 via the order_key parameter due to missing validation on the user controlled key. This makes it possible for unauthenticate...

Published

Apr 01, 2024

Patched Release

3.5.2.5

Affected Versions

Versions up to 3.5.2.4

Next Step

Update to 3.5.2.5 or newer if supported.

Open CVE-2023-7252 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2023-23726

CVE-2023-23726: Tickera <= 3.5.1.0 - Cross-Site Request Forgery to Ticket Post Status Change

The Tickera plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.5.1.0. This is due to missing nonce validation in the tc_get_ticket_type_instances function. This makes it possible for unauthenticated attackers to change a ticket po...

Published

Feb 14, 2023

Patched Release

3.5.1.1

Affected Versions

Versions up to 3.5.1.0

Next Step

Update to 3.5.1.1 or newer if supported.

Open CVE-2023-23726 Report Open CVE Reference

Plugin Medium Patched: Yes CVE-2022-4549

CVE-2022-4549: Tickera <= 3.4.9.9 - Cross-Site Request Forgery to Plugin Data Deletion & Settings Changes

The Tickera plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 3.4.9.9. This is due to missing nonce validation in the ~/includes/addons/delete-info/includes/admin-pages/settings-tickera_delete_info.php file. This makes it possible...

Published

Dec 23, 2022

Patched Release

3.5.1.0

Affected Versions

Versions up to 3.4.9.9

Next Step

Update to 3.5.1.0 or newer if supported.

Open CVE-2022-4549 Report Open CVE Reference