WordPress Plugin Vulnerabilities

Tickera WordPress Event Ticketing < 3.4.6.9 - Unauthenticated Sensitive Data Exposure

Description

Due to missing authorization controls in the plugin's "admin_init" hooks, all personal data of the users registered for an event could be exported to a downloadable PDF file by any unauthenticated visitor. The "admin_init" action fires on every request to the admin area, including /wp-admin/admin-ajax.php and /wp-admin/admin-post.php, which do not require a logged-in session, so a handler hooked there without its own capability check is reachable by anyone. The event ID needed for the request could be read from the page source and/or easily enumerated in sequence.
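The pattern described above, as an added illustration that is not Tickera's code and not part of the original advisory: a hypothetical export handler hooked to admin_init with no authorization check, followed by a hardened version that registers the handler on admin_post_{action} (logged-in users only), checks a capability and a nonce, and validates the event. All function and hook names prefixed with hypo_ are assumed for the example.

```php
<?php
/*
 * Hypothetical illustration (not Tickera's code). admin_init fires on
 * every request to the admin area, including admin-ajax.php and
 * admin-post.php, which are reachable without a session, so a handler
 * that relies on admin_init alone is effectively public.
 */

// --- Vulnerable pattern: no capability check, no nonce ---------------------
add_action('admin_init', 'hypo_export_attendees_vulnerable');

function hypo_export_attendees_vulnerable() {
    if (!isset($_GET['hypo_export_pdf'], $_GET['event_id'])) {
        return;
    }
    // Anyone can hit /wp-admin/admin-ajax.php?hypo_export_pdf=1&event_id=N
    // and walk N upwards to dump every event's attendee list.
    $event_id = (int) $_GET['event_id'];
    hypo_stream_attendee_pdf($event_id);
    exit;
}

// --- Hardened pattern ------------------------------------------------------
// admin_post_{action} only fires for authenticated users; deliberately no
// admin_post_nopriv_{action} registration, so logged-out requests get no handler.
add_action('admin_post_hypo_export_pdf', 'hypo_export_attendees_hardened');

function hypo_export_attendees_hardened() {
    $event_id = isset($_GET['event_id']) ? (int) $_GET['event_id'] : 0;

    // 1. Authorization: the caller must be allowed to edit this specific event.
    if (!current_user_can('edit_post', $event_id)) {
        wp_die(__('You are not allowed to export attendees.'), 403);
    }
    // 2. CSRF: the export link must carry a nonce bound to this event.
    check_admin_referer('hypo_export_pdf_' . $event_id);
    // 3. Validate that the ID refers to an event post, not an arbitrary post.
    $event = get_post($event_id);
    if (!$event || $event->post_type !== 'hypo_event') {
        wp_die(__('Unknown event.'), 404);
    }
    hypo_stream_attendee_pdf($event->ID);
    exit;
}

// Export link for the admin UI: points at admin-post.php and carries the nonce
// that check_admin_referer() above verifies.
function hypo_export_link($event_id) {
    $url = add_query_arg(
        array('action' => 'hypo_export_pdf', 'event_id' => (int) $event_id),
        admin_url('admin-post.php')
    );
    return wp_nonce_url($url, 'hypo_export_pdf_' . (int) $event_id);
}

// Sink: the PDF generation itself is irrelevant to the bug and is kept minimal.
function hypo_stream_attendee_pdf($event_id) {
    header('Content-Type: application/pdf');
    header('Content-Disposition: attachment; filename="attendees-' . (int) $event_id . '.pdf"');
    echo 'PDF for event ' . (int) $event_id;
}
```

To verify a fix of this kind, request the export URL without a session cookie: the hardened handler never runs for logged-out requests, and a logged-in user without edit rights on the event receives a 403 instead of a PDF. Note that a nonce alone is not an authorization check; the capability test is what closes the unauthenticated export.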

According to the original researcher, "After several attempts to contact the Plugin vendor (Twitter, email), we followed generally accepted disclosure guidelines. A lengthy correspondence with Tickera support was not successful either."

Edit (WPScanTeam)
April 8th, 2020 - Report Received & Escalated to WP Plugins Team
April 9th, 2020 - v3.4.6.9 released
April 11th, 2020 - Disclosure

Proof of Concept

Affects Plugins

Tickera

Miscellaneous

Original Researcher: Florian Hauser
Verified: Yes

Timeline

Publicly Published: 2020-04-11
Added: 2020-04-11
Last Updated: 2021-10-07
