PT-2026-60431 · WordPress · Tickera

·

CVE-2026-13754

·

Published

2026-07-16

·

Updated

2026-07-16

CVSS v3.1

6.5

Medium

VectorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions Tickera – Sell Tickets & Manage Events versions prior to 3.6.0.1
Description An issue exists where authenticated attackers with custom-level access and above can perform a generic SQL Injection. This occurs due to insufficient escaping of user-supplied data and a lack of proper preparation of the SQL query. By manipulating the s parameter, an attacker can append additional SQL queries to extract sensitive information from the database.
Recommendations Update the plugin to a version newer than 3.6.0.0. Avoid using the s parameter until the update is applied.

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-13754

Affected Products

Tickera