The Tickera plugin for WordPress has a security issue that could allow unauthorized people to access sensitive data. This is because there is a function called generate_ticket_preview() that doesn’t check for proper permissions. As a result, attackers who are logged in with contributor-level access or higher can view ticket previews without permission.