CVE-2025-1402 | theeventscalendar Event Tickets and Registration Plugin up to 5.19.1.1 on WordPress ajax_ticket_delete authorization

Posted by Angelo Barbosa | Feb 21, 2025 | CVE

A vulnerability, which was classified as problematic, has been found in theeventscalendar Event Tickets and Registration Plugin up to 5.19.1.1 on WordPress. Affected by this issue is the function ajax_ticket_delete. The manipulation leads to missing authorization.

This vulnerability is handled as CVE-2025-1402. The attack may be launched remotely. There is no exploit available.

CVE-2025-1402 | theeventscalendar Event Tickets and Registration Plugin up to 5.19.1.1 on WordPress ajax_ticket_delete authorization

Related Posts

CVE-2024-11260 | netweblogic Events Manager Plugin up to 6.6.3 on WordPress active_status sql injection

CVE-2025-24888 | freedomofpress securedrop-client up to 0.14.0 Source/Journalist Interface autostart safe_move path traversal (GHSA-6c3p-chq6-q3j2)

CVE-2024-21910 | TinyMCE up to 5.9.x Link cross site scripting (ID 366)

CVE-2024-36729 | TRENDnet TEW-827DRU devices up to 2.06B04 apply.cgi wizard_ipv6 reboot_type stack-based overflow