cleantalk
Vulnerabilities and Security Researches

My Tickets, CVE-2025-3761

CVE, Research URL

CVE-2025-3761

Home page URL

Security reports for My Tickets

Application

My Tickets

Published on
Apr 24, 2025
Research Description
The My Tickets – Accessible Event Ticketing plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.0.16. This is due to the mt_save_profile() function not appropriately restricting access to unauthorized users to update roles. This makes it possible for authenticated attackers, with Subscriber-level access and above, to update their role to that of an administrator.
Affected versions
Min -, max 2.0.17.
Status
vulnerable
Previous vulnerability researches
RAphicon (CVE-2025-46467) , Apr 25, 2025
New vulnerability
Gutenverse – Gutenberg Blocks – Page Builder for Site Editor (CVE-2025-2893) , Apr 30, 2025
My Tickets (CVE-2025-3761) , Apr 29, 2025
Mang Board WP (CVE-2025-3435) , Apr 29, 2025
Church Admin (CVE-2025-39553) , Apr 29, 2025
Ocean Extra (CVE-2025-3457) , Apr 29, 2025