CVE-2024-10263

Published Nov 5, 2024

Last updated 9 days ago

CVSS high 7.3

Overview

Description
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 3.5.4.4. This is due to the software allowing users to execute an action that does not properly validate a value before running do_shortcode. This makes it possible for unauthenticated attackers to execute arbitrary shortcodes.
Source
security@wordfence.com
NVD status
Analyzed

Risk scores

CVSS 3.1

Type
Primary
Base score
7.3
Impact score
3.4
Exploitability score
3.9
Vector string
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Severity
HIGH

Weaknesses

security@wordfence.com
CWE-94

Social media

Hype score
Not currently trending

  1. 🚨 CVE-2024-10263 (Published: 2024-11-05) - Critical vulnerability in Tickera Event Ticketing System. Affects multiple versions. 🛠️ Remediation is available; ensure you update to the latest version to protect your site. More info: https://t.co/7MDLeZTBZv #WordPress #Security

    @transilienceai

    7 Nov 2024

    23 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. 🚨 CVE-2024-10263 (Published: 2024-11-05) - A critical vulnerability in the Tickera Event Ticketing System affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Stay secure! 🔒 More info: https://t.co/7MDLeZTBZv #CyberSecurity…

    @transilienceai

    7 Nov 2024

    22 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. 🚨 CVE-2024-10263 (Published: 2024-11-05) - Critical vulnerability in Tickera Event Ticketing System. Affects multiple versions. 🛠️ Remediation: Update to the latest version as detailed in the changelog: https://t.co/7MDLeZTBZv. Stay secure! #WordPress #Security

    @transilienceai

    7 Nov 2024

    19 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. 🚨 CVE-2024-10263 (Published: 2024-11-05) - Critical vulnerability in Tickera Event Ticketing System. Affects multiple versions. 🛠️ Remediation available at: https://t.co/7MDLeZTBZv. Update your plugins to protect your site! #WordPress #Security

    @transilienceai

    7 Nov 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  5. 🚨 CVE-2024-10263 (Published: 2024-11-05) - Critical vulnerability in Tickera Event Ticketing System. Affects multiple versions. 🛠️ Remediation: Update to the latest version as per the patch details here: https://t.co/7MDLeZTBZv. Stay secure! #WordPress #Security

    @transilienceai

    7 Nov 2024

    5 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  6. 🚨 CVE-2024-10263 (Published: 2024-11-05) - A critical vulnerability in Tickera Event Ticketing System affects multiple versions. Users are urged to update to the latest version immediately to mitigate risks. Check the changes here: https://t.co/7MDLeZTBZv #CyberSecurity… https:/

    @transilienceai

    7 Nov 2024

    15 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  7. 🚨 CVE-2024-10263 (Published: 2024-11-05) - Critical vulnerability in Tickera Event Ticketing System. Affects multiple versions. 🛠️ Remediation: Update to the latest version to secure your site. For details, check the changeset: https://t.co/7MDLeZTBZv #WordPress #Security

    @transilienceai

    7 Nov 2024

    18 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

Configurations

References