Paule

**Name of the Vulnerable Software and Affected Versions** The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.4.8 **Description** The issue allows unauthenticated attackers to extract sensitive data from bookings, including full names, email addresses, check-in/out timestamps, and more, via the "tickera tickets info" endpoint. **Recommendations** For versions up to, and including, 3.5.4.8, consider disabling access to the "tickera tickets info" endpoint until a patch is available. Restrict access to sensitive booking data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.