Users' Ticket Leakage Vulnerability
CVE-2023-7252

Currently unrated

Key Information:

Vendor: Wordpress
Status: Tickera
Vendor: CVE Published:; 22 April 2024

Badges

👾 Exploit Exists🟡 Public PoC

Summary

The Tickera WordPress plugin is affected by an access control issue that allows users to view ticket information associated with other users. This vulnerability occurs in versions prior to 3.5.2.5, where insufficient restrictions lead to the inadvertent exposure of sensitive data. Without proper safeguards in place, unauthorized users can exploit this weakness, jeopardizing user privacy and compromising the integrity of ticket management within the platform.

Affected Version(s)

Tickera 0 < 3.5.2.5

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2023-7252 - Proof of Concept

References

https://wpscan.com/vulnerability/c452c5da-05a6-4a14-994d-...

exploitvdb-entrytechnical-description

Timeline

🟡
Public PoC available
Apr 22, 2024
👾
Exploit known to exist
Apr 22, 2024
Vulnerability published
Apr 22, 2024
Vulnerability Reserved
Mar 26, 2024

Credit

Martin Thirup Christensen

WPScan