CVE-2024-12578: Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure

5.3 CVSS

Description

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.

Classification

CVE ID: CVE-2024-12578

CVSS Base Severity: MEDIUM

CVSS Base Score: 5.3

Affected Products

Vendor: tickera

Product: Tickera – WordPress Event Ticketing

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.05% (probability of being exploited)

EPSS Percentile: 19.29% (scored less or equal to compared to others)

EPSS Date: 2025-02-04 (when was this score calculated)

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/2db29c12-bf8a-4d5a-b12a-6c74b816d5f0?source=cve
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3201476%40tickera-event-ticketing-system&new=3201476%40tickera-event-ticketing-system&sfp_email=&sfph_mail=

Timeline

2024-12-15 00:30:13 UTC
CVE

Tickera – WordPress Event Ticketing <= 3.5.4.8 - Unauthenticated Customer Data Exposure