Tickera – WordPress Event Ticketing by Tickera <= 3.5.1.0 - Subscriber+ Arbitrary Post Status Update
LANACOMMONVDB ID: 7c2fc894-8618-4570-9c60-4502fc469af6
The plugin does not perform authorisation or Cross-Site Request Forgery (CSRF) checks when updating a post status, which could allow any authenticated user, such as a subscriber, to update the status of arbitrary posts.