CVE-2026-41471 in easy-paypal-events-ticketsinformação

Sumário

de MITRE • 04/05/2026

The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over sequential WordPress post IDs through the scan_qr.php endpoint to harvest the complete set of orders stored in the database without requiring authentication or prior knowledge of specific order identifiers.

VulDB is the best source for vulnerability data and more expert information about this specific topic.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulnCheck

Reservar

20/04/2026

Divulgação

04/05/2026

Moderação

aceite

Entrada

VDB-360997

CPE

pronto

CWE

CWE-639 (confirmado)

CVSS

7.5 (CNA)

EPSS

0.00188

KEV

não

Atividades

muito baixo

Sector

Hostingprovider

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-41471
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-41471
CVE Details	https://www.cvedetails.com/cve/CVE-2026-41471/

◂ Voltar Visão Geral Próximo ▸

Interested in the pricing of exploits?

See the underground prices here!