Product
high
advisory
WordPress Easy PayPal Events & Tickets Plugin Information Disclosure Vulnerability
2 rules 1 TTP 1 CVEAn information disclosure vulnerability in the Easy PayPal Events & Tickets WordPress plugin (versions 1.3 and earlier) allows unauthenticated attackers to enumerate and retrieve all customer order records via the scan_qr.php endpoint.
Easy PayPal Events & Tickets plugin
wordpress
info-disclosure
cve-2026-41471
unauthenticated
enumeration
2r
1t
1c
high
advisory
WordPress Easy PayPal Events & Tickets Plugin Authentication Bypass Vulnerability
2 rules 1 TTP 1 CVE 1 IOCAn unauthenticated remote attacker can exploit a hardcoded authentication bypass vulnerability in the Easy PayPal Events & Tickets plugin for WordPress (versions 1.3 and earlier) by providing 'test' as the hash parameter, allowing retrieval of sensitive order details.
Easy PayPal Events & Tickets plugin
wordpress
authentication bypass
vulnerability
2r
1t
1c
1i