Aaron Schlitt

**Name of the Vulnerable Software and Affected Versions** The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.4.8 **Description** The issue allows unauthenticated attackers to extract sensitive data from bookings, including full names, email addresses, check-in/out timestamps, and more, via the "tickera tickets info" endpoint. **Recommendations** For versions up to, and including, 3.5.4.8, consider disabling access to the "tickera tickets info" endpoint until a patch is available. Restrict access to sensitive booking data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** TeamViewer Remote Client versions prior to 15.51.5 for Windows, Linux, and macOS **Description** The issue is related to improper initialization of default settings, allowing a low-privileged user to elevate privileges by changing the personal password setting and establishing a remote connection to a logged-in admin account. This could potentially lead to unauthorized remote access. The vulnerability is associated with errors in privilege management. **Recommendations** For TeamViewer Remote Client versions prior to 15.51.5, update to version 15.51.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the personal password setting to minimize the risk of exploitation. Avoid using the personal password feature in the affected TeamViewer Remote Client versions until the issue is resolved.