Skip to main content

Event Tickets Manager For Woocommerce

2 CVEs product

Monthly

CVE-2026-57400 MEDIUM This Month

Missing Authorization (CWE-862) in the Event Tickets Manager for WooCommerce WordPress plugin versions through 1.5.5 allows unauthenticated remote attackers to exploit incorrectly configured access control levels, resulting in limited but unauthorized modification of data and disruption of availability. The CVSS vector (PR:N/UI:N) confirms exploitation requires no authentication and no user interaction, lowering the barrier for abuse against any WordPress site with the plugin installed and active. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Event Tickets Manager For Woocommerce
NVD
CVSS 3.1
6.5
EPSS
0.3%
CVE-2026-34898 HIGH This Week

Broken access control in the Event Tickets Manager for WooCommerce WordPress plugin (versions up to and including 1.5.3) allows remote unauthenticated attackers to perform restricted actions or modify data without proper authorization checks. The flaw stems from a missing authorization layer (CWE-862) on one or more plugin endpoints, making it reachable directly over HTTP by anyone who can talk to the WordPress site. No public exploit has been identified at time of analysis, but the vulnerability was reported by Patchstack and is tracked under EUVD-2026-36920.

Authentication Bypass WordPress Event Tickets Manager For Woocommerce
NVD VulDB
CVSS 3.1
7.5
EPSS
0.2%
EPSS 0% CVSS 6.5
MEDIUM This Month

Missing Authorization (CWE-862) in the Event Tickets Manager for WooCommerce WordPress plugin versions through 1.5.5 allows unauthenticated remote attackers to exploit incorrectly configured access control levels, resulting in limited but unauthorized modification of data and disruption of availability. The CVSS vector (PR:N/UI:N) confirms exploitation requires no authentication and no user interaction, lowering the barrier for abuse against any WordPress site with the plugin installed and active. No public exploit code has been identified at time of analysis, and the vulnerability is not listed in the CISA KEV catalog.

Authentication Bypass WordPress Event Tickets Manager For Woocommerce
NVD
EPSS 0% CVSS 7.5
HIGH This Week

Broken access control in the Event Tickets Manager for WooCommerce WordPress plugin (versions up to and including 1.5.3) allows remote unauthenticated attackers to perform restricted actions or modify data without proper authorization checks. The flaw stems from a missing authorization layer (CWE-862) on one or more plugin endpoints, making it reachable directly over HTTP by anyone who can talk to the WordPress site. No public exploit has been identified at time of analysis, but the vulnerability was reported by Patchstack and is tracked under EUVD-2026-36920.

Authentication Bypass WordPress Event Tickets Manager For Woocommerce
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy