Primary

Context

My Tickets WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

Patched

A privilege escalation vulnerability has been identified in the My Tickets – Accessible Event Ticketing plugin for WordPress, affecting all versions through 2.0.16. The issue arises because the mt_save_profile() function fails to properly restrict access, allowing authenticated users with Subscriber-level access and above to unauthorizedly change their roles to administrator.

Impact

Exploitation of this vulnerability allows authenticated users to escalate their privileges to that of an administrator.

Remediation

Users can update to version 2.0.17 or a newer patched version to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

1.0

impact

5.0

exploitability

6.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

My Tickets WordPress Plugin Privilege Escalation Vulnerability

Vulnerability

Impact

Remediation

Affected Products

My Tickets

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating