The Tickera plugin for WordPress, which is used to sell event tickets, has a security issue that allows people to access it without permission. This problem affects all versions up to 3.5.5.2, and it means that someone with at least Subscriber-level access can do something they shouldn’t be able to do.