cleantalk
Vulnerabilities and Security Researches

Easy PayPal Events, CVE-2026-32834

CVE, Research URL

CVE-2026-32834

Home page URL

Security reports for Easy PayPal Events

Application

Easy PayPal Events

Published on
May 04, 2026
Research Description
Easy PayPal Events & Tickets plugin for WordPress version 1.3 and earlier contain a hardcoded authentication bypass vulnerability in the QR code scanning functionality that allows unauthenticated remote attackers to bypass hash verification by supplying 'test' as the hash parameter. Attackers can access the vulnerable endpoint via the add_wpeevent_button_qr action to retrieve sensitive order details including PayPal transaction IDs, customer email addresses, purchase amounts, and ticket information for any order with a known or guessed post ID. This plugin was officially closed as of 2026-03-18.
Affected versions
max 1.3.
Status
vulnerable
Previous vulnerability researches
Easy PayPal Events (CVE-2026-41471) , May 07, 2026
Easy PayPal Events (CVE-2024-8476) , Sep 26, 2024
Easy PayPal Events (CVE-2026-32834) , May 07, 2026
Easy PayPal Events (CVE-2025-47519) , May 09, 2025
Easy PayPal Events (cc5c994c8fa9b2416f0e97a9f763aaab5c71441e) , Jun 07, 2024
New vulnerability
Ditty – Responsive News Tickers, Sliders, and Lists (CVE-2026-9011) , May 24, 2026
GSheet For Woo Importer (CVE-2026-4843) , May 24, 2026
Email Marketing, Email Automation & Newsletter for WordPress & WooCommerce – Mail Mint (CVE-2026-27349) , May 24, 2026
Location Weather – Best Weather Forecast Widget Plugin for WordPress (CVE-2026-7249) , May 24, 2026
Hotel Booking Lite (CVE-2026-8684) , May 24, 2026