CVE-2024-12578

The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 3.5.4.8 via the 'tickera_tickets_info' endpoint. This makes it possible for unauthenticated attackers to extract sensitive data from bookings like full names, email addresses, check-in/out timestamps and more.
Configurations

No configuration.

History

14 Dec 2024, 05:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-12-14 05:15

Updated : 2024-12-14 05:15


NVD link : CVE-2024-12578

Mitre link : CVE-2024-12578

CVE.ORG link : CVE-2024-12578


JSON object : View

Products Affected

No product.

CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor