WordPress Plugin Vulnerabilities
Tickera < 3.5.2.5 - Ticket leakage through IDOR
Description
The plugin does not prevent users from leaking other users' tickets.
Proof of Concept
After a user has bought a ticket, the ticket download link looks like https://www.website.com/?download_ticket=1&order_key=1234567890&download_ticket_nonce=ab903b7c71. Because the nonce is not validated, the URL still works when shortened to https://www.website.com/?download_ticket=1&order_key=1234567890. This allows an attacker to take the ID value from another purchase in the download_ticket parameter and iterate through the order_key parameter from 00000000 to 99999999 to steal tickets from other participants.
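Added example, not part of this advisory or of the plugin's own code: a small Python detection that runs over constructed web-server access-log lines and flags clients that request ticket downloads without the download_ticket_nonce parameter while cycling through several order_key values for the same download_ticket id. The combined-log format, the documentation-range IPs and the threshold are assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import parse_qs, urlsplit

# Apache combined-log style line: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Constructed sample traffic (not real logs); IPs are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [01/Apr/2024:10:00:01 +0000] "GET /?download_ticket=1&order_key=1234567890&download_ticket_nonce=ab903b7c71 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [01/Apr/2024:10:00:02 +0000] "GET /?download_ticket=1&order_key=00000000 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
198.51.100.7 - - [01/Apr/2024:10:00:02 +0000] "GET /?download_ticket=1&order_key=00000001 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
198.51.100.7 - - [01/Apr/2024:10:00:03 +0000] "GET /?download_ticket=1&order_key=00000002 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
198.51.100.7 - - [01/Apr/2024:10:00:03 +0000] "GET /?download_ticket=1&order_key=00000003 HTTP/1.1" 200 5120 "-" "python-requests/2.31"
203.0.113.5 - - [01/Apr/2024:10:00:09 +0000] "GET /wp-login.php HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
"""


def parse_line(line):
    """Return (client ip, query dict, status) for a ticket-download request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    query = parse_qs(urlsplit(m.group("target")).query)
    if "download_ticket" not in query:
        return None
    return m.group("ip"), query, int(m.group("status"))


def find_enumeration(log_text, threshold=3):
    """Map (ip, download_ticket id) -> number of distinct order_key values requested
    without a download_ticket_nonce, keeping only pairs at or above the threshold."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        ip, query, _status = parsed
        if "download_ticket_nonce" in query:
            continue  # full link with nonce: the normal post-purchase download
        for key in query.get("order_key", []):
            seen[(ip, query["download_ticket"][0])].add(key)
    return {pair: len(keys) for pair, keys in seen.items() if len(keys) >= threshold}


if __name__ == "__main__":
    print(find_enumeration(SAMPLE_LOG))  # → {('198.51.100.7', '1'): 4}
```

Patched sites that reject nonce-less requests still produce these log entries, so the same logic works as an indicator of attempted enumeration after upgrading.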
Affects Plugins
References
CVE
Classification
Type
IDOR
OWASP top 10
CWE
Miscellaneous
Original Researcher
Martin Thirup Christensen
Submitter
Martin Thirup Christensen
Submitter twitter
Verified
Yes
WPVDB ID
Timeline
Publicly Published
2024-04-01
Added
2024-04-01
Last Updated
2024-04-01