CVE-2024-12578

Name of the Vulnerable Software and Affected Versions The Tickera – WordPress Event Ticketing plugin versions up to, and including, 3.5.4.8

Description The issue allows unauthenticated attackers to extract sensitive data from bookings, including full names, email addresses, check-in/out timestamps, and more, via the "tickera tickets info" endpoint.

Recommendations For versions up to, and including, 3.5.4.8, consider disabling access to the "tickera tickets info" endpoint until a patch is available. Restrict access to sensitive booking data to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.