My Tickets
Monthly
My Tickets plugin version 2.1.1 and earlier contains an authentication bypass vulnerability that allows unauthenticated attackers to spoof user identities and gain unauthorized access to ticket systems. The vulnerability requires no user interaction and can be exploited remotely by any network-connected attacker. Currently, no patch is available for this medium-severity issue affecting installations of this WordPress plugin.
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
My Tickets plugin version 2.1.1 and earlier contains an authentication bypass vulnerability that allows unauthenticated attackers to spoof user identities and gain unauthorized access to ticket systems. The vulnerability requires no user interaction and can be exploited remotely by any network-connected attacker. Currently, no patch is available for this medium-severity issue affecting installations of this WordPress plugin.
The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow. Rated medium severity (CVSS 6.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.