Vulnerabilities and security researches formy-tickets my-tickets

Apr 29, 2025

CVE, Research URL: CVE-2025-3761
Home page URL: Security reports for My Tickets
Application: My Tickets
Date: Apr 24, 2025
Research Description: The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Affected versions: Min -, max -.
Status: vulnerable

Jan 22, 2025

CVE, Research URL: CVE-2025-22717
Home page URL: Security reports for My Tickets
Application: My Tickets
Date: Jan 21, 2025
Research Description: Missing Authorization vulnerability in Joe Dolson My Tickets allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects My Tickets: from n/a through 2.0.9.
Affected versions: Min -, max -.
Status: vulnerable

Jun 07, 2024

CVE, Research URL: CVE-2023-23988
Home page URL: Security reports for My Tickets
Application: My Tickets
Date: May 17, 2024
Research Description: Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2021-24796
Home page URL: Security reports for My Tickets
Application: My Tickets
Date: Nov 17, 2021
Research Description: The My Tickets WordPress plugin before 1.8.31 does not properly sanitise and escape the Email field of booked tickets before outputting it in the Payment admin dashboard, which could allow unauthenticated users to perform Cross-Site Scripting attacks against admins
Affected versions: Min -, max -.
Status: vulnerable

CVE, Research URL: CVE-2022-47440
Home page URL: Security reports for My Tickets
Application: My Tickets
Date: Mar 13, 2023
Research Description: Cross-Site Request Forgery (CSRF) vulnerability in Joseph C Dolson My Tickets plugin <= 1.9.10 versions.
Affected versions: Min -, max -.
Status: vulnerable