The Event Tickets and Registration plugin for WordPress has a security flaw that could lead to data being lost without permission. This is because the ‘ajax_ticket_delete’ function does not have a check to make sure only authorized users can access it. This means that anyone with Contributor-level access or higher could potentially delete any Attendee tickets.