CVE-2022-4549

Name of the Vulnerable Software and Affected Versions Tickera WordPress plugin versions prior to 3.5.1.0

Description The issue concerns a lack of CSRF check when updating settings, which could allow attackers to make a logged-in admin change them via a CSRF attack. This could potentially lead to unauthorized changes in the plugin's settings.

Recommendations For versions prior to 3.5.1.0, update to version 3.5.1.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the settings update functionality to minimize the risk of exploitation.